Game Development Reference
One of the most important security issues to correctly configure is the cipher
mode. This mode determines how the individual blocks of a transform are assem-
bled to form the final data.
Messages are usually more than one block in length, so how does the data get
encrypted? The obvious solution would be to encrypt each block individually and
slap them all together in the end. In actuality, this is one of the most insecure cipher
modes (ECB—Electronic Code Book), which can lead to security compromises of
the encrypted data.
Cipher modes are used to modify the encryption process based on data carried
over from previous block encryptions. The resulting encryption provides a much
higher level of security than performing a simple block-level encryption.
The .NET class framework has a variety of other cipher modes available at your
disposal, each with its own pros and cons. These cipher modes are listed in Table
16.2. We will be using the CBC mode for this chapter as it offers the best security.
Table 16.2 Cipher Modes Available in .NET 2.0
This cipher mode (Cipher Block Chaining Mode) appends a number of
bytes equal to the number of padding bytes used. Before each block is
encrypted, it is combined with the previous block using an exclusive
bitwise OR operation. This allows for each cipher block to be unique.
The initialization vector is combined with the first plain text block before
encryption occurs. If a single bit of the cipher block is corrupted, the
corresponding plain text block will also be corrupted. In addition, a bit
in the subsequent block in the same position will also be corrupted.
This cipher mode (Cipher Feedback Mode) processes small amounts of
plain text instead of an entire block at a time. A shift register is used that
is one block in length and is divided into sections. If the block size is eight
bytes, the shift register is divided into eight sections. If a bit in the cipher
text is corrupted, a plain text bit is corrupted as well as the shift register.
Then all results in the next several plain text processes will be corrupted
until the bad bit is shifted out of the register.
This cipher mode (Cipher Text Stealing Mode) handles any length of plain
text data and produces cipher text that has a length equal to the plain text
length. This cipher mode behaves exactly like the CBC mode except for the
last two blocks of plain text.