Don't pass on small block ciphers
3 days ago
- #Cryptography
- #Block Ciphers
- #UUIDs
- Small block ciphers (32-bit, 64-bit) are often perceived as antiquated and insecure, but they remain useful in specific applications.
- Larger block ciphers (e.g., Rijndael-256, Vistrutah) are more versatile and secure, but small block ciphers still have niche uses.
- Small block ciphers are problematic because their limited block size makes them vulnerable to enumeration and distinguishing attacks.
- Block ciphers are symmetric cryptographic functions that apply a key-dependent permutation to input data.
- Small block ciphers can securely encrypt counters (e.g., account IDs, packet indices) to hide sensitive information.
- UUIDs (v1, v4, v6, v7) have trade-offs: v1/v7 leak timestamps, v4 is random but larger, and v6 is legacy-optimized.
- Small block ciphers can encrypt portions of UUIDs (e.g., timestamps in UUIDv7) to prevent leakage while retaining UUID properties.
- SIMON and SPECK (NSA-designed) are well-analyzed, efficient small block ciphers with no known practical attacks.
- Small block ciphers are not universally secure but can be useful in passive-adversary scenarios or when hiding specific data.
- Key whitening (FX/Even-Mansour) can enhance small block cipher security.
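
The points above about encrypting counters and about SPECK can be made concrete with Speck64/128 (64-bit block, 128-bit key, 27 rounds). This is an added example, not code from the original post: `public_id` and `internal_id` are hypothetical helper names, and the key is the published Speck64/128 test-vector key, standing in for a secret random key.

```python
# Added example: Speck64/128 used to turn sequential counters (account IDs,
# packet indices) into opaque 64-bit identifiers.
MASK = 0xFFFFFFFF   # Speck64 works on two 32-bit words
ROUNDS = 27

def _ror(x, r):
    return ((x >> r) | (x << (32 - r))) & MASK

def _rol(x, r):
    return ((x << r) | (x >> (32 - r))) & MASK

def expand_key(key_words):
    """key_words = (l2, l1, l0, k0), the word order used in the Speck paper."""
    l2, l1, l0, k0 = key_words
    l, k = [l0, l1, l2], [k0]
    for i in range(ROUNDS - 1):
        l.append(((_ror(l[i], 8) + k[i]) & MASK) ^ i)
        k.append(_rol(k[i], 3) ^ l[-1])
    return k

def encrypt_block(rk, block):
    x, y = block >> 32, block & MASK
    for k in rk:
        x = ((_ror(x, 8) + y) & MASK) ^ k
        y = _rol(y, 3) ^ x
    return (x << 32) | y

def decrypt_block(rk, block):
    x, y = block >> 32, block & MASK
    for k in reversed(rk):          # undo the rounds in reverse order
        y = _ror(y ^ x, 3)
        x = _rol(((x ^ k) - y) & MASK, 8)
    return (x << 32) | y

# Published test-vector key (assumption: a deployment uses a secret random key).
DEMO_KEY = (0x1B1A1918, 0x13121110, 0x0B0A0908, 0x03020100)
RK = expand_key(DEMO_KEY)

def public_id(counter):
    """Map an internal 64-bit counter to the identifier exposed externally."""
    if not 0 <= counter < 1 << 64:
        raise ValueError("counter must fit in one 64-bit block")
    return encrypt_block(RK, counter)

def internal_id(token):
    """Recover the counter from an external identifier (needs the key)."""
    return decrypt_block(RK, token)

if __name__ == "__main__":
    for n in (1, 2, 3):             # constructed sample account IDs
        print(n, f"{public_id(n):016x}")
```

Because the cipher is a permutation, distinct counters never collide, but there is no integrity check: any 64-bit value decrypts to some counter, so the recovered ID still has to be validated against real records.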