Electronic Code Book, often abbreviated to
ECB, is a mode of operation used with
block ciphers. Block ciphers, such as
DES or
Blowfish, encrypt a block of
plaintext, usually 64-bits in length, into a block of
ciphertext of the same length.
In ECB mode, each block of plaintext will, given one particular key, always be encrypted into the same ciphertext. Thus, you could have a code book to map each ciphertext block into its plaintext equivalent. Of course, you need a separate code book for each key. ECB can be considered the default mode for block ciphers; other modes take additional steps so that plaintext will be encrypted differently depending on where it appears in a stream.
ECB is not a good choice for computer encryption. It might make sense if you are doing decryption by hand, but ECB makes any algorithm highly suseptible to dictionary attacks. An eavesdropper can just as easily build his or her own code book and guess at the plaintext based on frequencies; I'm no cryptographer, but I'm sure there are lots of more sophisticated attacks, too.
Some situations where ECB might be useful are:
- where the encryption or decryption of blocks need to be parallelized
- where an unreliable transport (e.g. UDP) is being used, and the plaintext needs be recoverable even if a block is lost
Even in these situations, techniques like
salting the data or chaining off a counter are recommended.
The most common alternative to ECB mode is Cipher Block Chaining, which adds information from the previous block into the encyption of a block. This in turn means that the same plaintext will have different ciphertext at different points within the stream.