
Network Security Unit-2

Network security unit -2 for second year MCA

Network Security by Mr. B Venkata Reddy M.C.A Unit-2

Unit-2
SECRET KEY CRYPTOGRAPHY

In this unit, we are going to learn about the following topics:

✓ Algorithm Types
✓ Block encryption
✓ Stream Vs Block Encryption
✓ Algorithm Modes
• ECB
• CBC
• CFB
• OFB
✓ DES Algorithm
• Double and Triple DES
• Meet-in-Middle
✓ IDEA Algorithm

Algorithm Types and Modes

An algorithm type defines what size of plain text should be encrypted in each step of
the algorithm. The algorithm mode defines the details of the cryptographic algorithm,
once the type is decided.

1. Algorithm Types

We have been talking about the transformation of plain text messages into cipher text
messages. Regardless of the techniques used, at a broad level, the generation of cipher
text from plain text itself can be done in two basic ways:

1. Stream ciphers and
2. Block ciphers.

1.1. Stream Ciphers


In Stream Ciphers, the plain text is encrypted one bit at a time. Suppose the
original message (plain text) is pay 100 in ASCII (i.e. text format). When we convert these
ASCII characters to their binary values, let us assume that it translates to 01011100
(hypothetically, just for simplicity; in reality, the binary text would be much larger as
each text character takes seven bits).

Suppose the key to be applied is 10010101 in binary. Let us also assume that
we apply the XOR logic as the encryption algorithm. XOR is quite simple to understand.
As shown in the figure, in simple terms, XOR produces an output of 1 only if one input is
0 and the other is 1. The output is 0 if both the inputs are 0 or if both the inputs are 1
(hence the name exclusive). We can see the effect of XOR in the figure.

ALTS | Department of MCA Page 1

As a result of applying one bit of key for every respective bit of the original
message, the cipher text is generated as 11001001 in binary (ZTU91 ^% in text). Note
that each bit of the plain text is encrypted one after the other. Thus, what is
transmitted is 11001001 in binary, which even when translated back to ASCII would
mean ZTU91 ^%. This makes no sense to an attacker, and thus protects the
information.
Note: Stream Cipher technique involves the encryption of one plain text bit at a time.
The decryption also happens one bit at a time.

In text format    In binary format
Pay 100           01011100            Plain text
                  10010101            XOR operation with the key
XTU01 ^%D         11001001            Cipher text

Fig. 2.3 Stream Ciphers


Another interesting property of XOR is that when used twice, it produces the
original data. For example, suppose we have two binary numbers A = 101 and B = 110. We
now want to perform an XOR operation on A and B to produce a third number C, i.e.:

C = A XOR B

Thus, we will have:
C = 101 XOR 110
C = 011

Now, if we perform C XOR A, we will get B. That is:
B = 011 XOR 101
B = 110

Similarly, if we perform C XOR B, we will get A. That is:
A = 011 XOR 110
A = 101

This reversibility of XOR operations has many implications in cryptographic
algorithms, as we shall notice.

Note: XOR is reversible: when used twice, it produces the original values. This is
useful in cryptography.

1.2. Block Ciphers

A block cipher is a method of encrypting data in blocks to produce cipher text using a
cryptographic key and algorithm. The block cipher processes fixed-size blocks
simultaneously, as opposed to a stream cipher, which encrypts data one bit at a time.
Most modern block ciphers are designed to encrypt data in fixed-size blocks of either 64
or 128 bits.


How does a block cipher work?

A block cipher uses a symmetric key and algorithm to encrypt and decrypt a block of
data. A block cipher requires an initialization vector (IV) that is added to the input
plaintext in order to increase the key space of the cipher and make it more difficult to
use brute force to break the key. The IV is derived from a random number generator,
which is combined with text in the first block and the key to ensure all subsequent
blocks result in cipher text that does not match that of the first encryption block.

In Block Ciphers, rather than encrypting one bit at a time, a block of bits is
encrypted at one go. Suppose we have a plain text FOUR_AND_FOUR that needs to be
encrypted. Using block cipher, FOUR could be encrypted first, followed by _AND_ and
finally FOUR. Thus, one block of characters gets encrypted at a time.
During decryption, each block would be translated back to the original form. In
actual practice, the communication takes place only in bits. Therefore, FOUR actually
means binary equivalent of the ASCII characters FOUR. After any algorithm encrypts
these, the resultant bits are converted back into their ASCII equivalents.
Therefore, we get funny symbols such as Vfa%, etc. In actual practice, their binary
equivalents are received, which are decrypted back into binary equivalent of ASCII
FOUR. This is shown in fig.
Block Cipher technique involves encryption of one block of text at a time.
Decryption also takes one block of encrypted text at a time. Practically, the blocks used
in the block cipher generally contain 64 bits or more. As we have seen, stream ciphers
encrypt one bit at a time. This can be very time consuming and actually unnecessary in
real life. That is why block ciphers are used more often in computer based cryptographic
algorithms as compared to stream ciphers. Consequently, we will focus our attention on
block ciphers with reference to algorithm modes. However, as we shall see, two of the
block cipher algorithm modes can also be implemented as stream cipher modes.

(a) The encryption process at the sender's end

Plain text:     FOUR       -AND-      FOUR
                Encrypt    Encrypt    Encrypt
Cipher text:    VFa%       *yT1x      VFa%

(b) The decryption process at the receiver's end

Cipher text:    VFa%       *yT1x      VFa%
                Decrypt    Decrypt    Decrypt
Plain text:     FOUR       -AND-      FOUR


2. Algorithm Modes:

An algorithm mode is a combination of a series of the basic algorithm steps on block
cipher, and some kind of feedback from the previous step. There are four important
algorithm modes, namely, Electronic Code Book (ECB), Cipher Block Chaining (CBC),
Cipher Feedback (CFB) and Output Feedback (OFB).

Algorithm Modes
• Electronic Code Book (ECB)
• Cipher Block Chaining (CBC)
• Cipher Feedback (CFB)
• Output Feedback (OFB)

ECB and CBC: these two modes work on block ciphers.
CFB and OFB: these two modes work on block ciphers acting as stream ciphers.

Note: The input to the encryption processes of the CBC, CFB, and OFB modes
includes, in addition to the plaintext, a data block called the initialization vector
(IV), denoted IV. The IV is used in an initial step in the encryption of a message and
in the corresponding decryption of the message.

2.1. Electronic Code Book (ECB) mode:


Electronic Code Book (ECB) is the simplest mode of operation. Here the plain text
message is divided into blocks of 64 bits each. Each such block is encrypted
independently of the other blocks. For all blocks in a message, the same key is used
for encryption.

At the receiver's end, the incoming data is divided into 64-bit blocks, and by
using the same key as was used for encryption, each block is decrypted to produce
the corresponding plain text block. This process is shown in the figure below.

In ECB, since a single key is used for encrypting all the blocks of a message, if
a plain text block repeats in the original message, the corresponding cipher text block
will also repeat in the encrypted message. Therefore, ECB is suitable only for
encrypting small messages, where the scope for repeating the same plain text blocks
is quite small.

Advantages of using ECB –
1. Parallel encryption of blocks of bits is possible, thus it is a faster way of
encryption.
2. It is a simple way of using the block cipher.
Disadvantages of using ECB –
1. Prone to cryptanalysis since there is a direct relationship between plaintext and
cipher text.


2.2. Cipher Block Chaining (CBC) Mode:

Cipher block chaining or CBC is an advancement made on ECB, since ECB
compromises some security requirements. In CBC, the previous cipher block is given
as input to the next encryption algorithm after XOR with the original plaintext block.
In a nutshell, a cipher block is produced by encrypting the XOR of the previous
cipher block and the present plaintext block. The process is illustrated here:

Advantages of CBC
1. CBC works well for input greater than b bits.
2. CBC is a good authentication mechanism.
3. Better resistive nature towards cryptanalysis than ECB.


Disadvantages of CBC
1. Parallel encryption is not possible since every encryption requires a previous
cipher.

2.3. Cipher Feedback (CFB) Mode:

In this mode the cipher is given as feedback to the next block of encryption with some
new specifications. First, an initial vector IV is used for the first encryption, and the
output bits are divided into a set of s bits and b-s bits. The left-hand side s bits are
selected and XORed with the plaintext bits. The result is given as input to a shift
register having b-s bits on the left-hand side and s bits on the right-hand side, and
the process continues. The encryption and decryption processes are shown below; both
of them use the encryption algorithm.

Advantages of CFB
1. Since there is some data loss due to the use of the shift register, it is difficult to
apply cryptanalysis.
Disadvantages of using CFB –
1. The drawbacks of CFB are the same as those of CBC mode. Both block losses and
concurrent encryption of several blocks are not supported by the encryption.
Decryption, however, is parallelizable and loss-tolerant.

2.4. Output Feedback (OFB) Mode

The output feedback mode follows nearly the same process as the Cipher Feedback
mode except that it sends the encrypted output as feedback instead of the actual
cipher which is XOR output. In this output feedback mode, all bits of the block are
sent instead of sending selected s bits. The Output Feedback mode of block cipher
holds great resistance towards bit transmission errors. It also decreases the
dependency or relationship of the cipher on the plaintext.


Advantages of OFB
1. In the case of CFB, a single bit error in a block is propagated to all subsequent
blocks. This problem is solved by OFB as it is free from bit errors in the plaintext
block.
Disadvantages of OFB –
1. The drawback of OFB is that, because of its operational modes, it is more
susceptible to a message stream modification attack than CFB.
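
The repeated-block weakness of ECB and the different error behaviour of CBC and OFB described above can be checked directly. This is an added example, not code from the original notes: the 64-bit block cipher is a toy Feistel construction built on SHA-256 as a stand-in for DES, and the key, IV and message are constructed sample values.

```python
import hashlib

BLOCK = 8  # 64-bit blocks, the size used throughout the text

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    # Toy round function (an assumption of this example, not the DES round).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]

def encrypt_block(key, block, rounds=4):
    left, right = block[:4], block[4:]
    for r in range(rounds):
        left, right = right, xor(left, _f(key, r, right))
    return left + right

def decrypt_block(key, block, rounds=4):
    left, right = block[:4], block[4:]
    for r in reversed(range(rounds)):
        left, right = xor(right, _f(key, r, left)), left
    return left + right

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, pt):
    # Every block is encrypted on its own with the same key.
    return b"".join(encrypt_block(key, b) for b in blocks(pt))

def cbc_encrypt(key, iv, pt):
    # Each plaintext block is XORed with the previous cipher block first.
    out, prev = [], iv
    for b in blocks(pt):
        prev = encrypt_block(key, xor(b, prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):
    out, prev = [], iv
    for c in blocks(ct):
        out.append(xor(decrypt_block(key, c), prev))
        prev = c
    return b"".join(out)

def ofb_xor(key, iv, data):
    # The cipher output (not the cipher text) is fed back; the same call
    # encrypts and decrypts because XOR is reversible.
    out, feedback = [], iv
    for b in blocks(data):
        feedback = encrypt_block(key, feedback)
        out.append(xor(b, feedback))
    return b"".join(out)

def flip_low_bit(data, index):
    # Models a single-bit transmission error in one byte.
    out = bytearray(data)
    out[index] ^= 1
    return bytes(out)

def changed_positions(a, b):
    return [i for i in range(len(a)) if a[i] != b[i]]

KEY = b"demo-key"                                   # constructed sample key
IV = bytes(range(8))                                # constructed; real IVs are random
MSG = b"FOUR_AND" + b"FOUR_AND" + b"_THE_END"       # blocks 1 and 2 are identical

if __name__ == "__main__":
    ecb = blocks(ecb_encrypt(KEY, MSG))
    cbc = cbc_encrypt(KEY, IV, MSG)
    ofb = ofb_xor(KEY, IV, MSG)
    print("ECB repeats the cipher block:", ecb[0] == ecb[1])
    print("CBC repeats the cipher block:", blocks(cbc)[0] == blocks(cbc)[1])
    print("CBC bytes damaged by one bit error:",
          changed_positions(MSG, cbc_decrypt(KEY, IV, flip_low_bit(cbc, 0))))
    print("OFB bytes damaged by one bit error:",
          changed_positions(MSG, ofb_xor(KEY, IV, flip_low_bit(ofb, 0))))
```

In CBC the error garbles the whole first block and flips one bit of the second; in OFB only the matching plaintext bit changes, which is also why a deliberate change to an OFB stream goes unnoticed unless integrity is checked separately.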

Applications of Block Ciphers

1. Data Encryption: Block Ciphers are widely used for the encryption of private and
sensitive data such as passwords, credit card details and other information that
is transmitted or stored for a communication. This encryption process converts a
plain data into non-readable and complex form. Encrypted data can be decrypted
only by the authorised person with the private keys.

2. File and Disk Encryption: Block Ciphers are used for encryption of entire files
and disks in order to protect their contents and restrict access by unauthorised users.
Disk encryption software such as BitLocker and TrueCrypt also uses block
ciphers to encrypt data and make it secure.

3. Virtual Private Networks (VPN): Virtual Private Networks (VPN) use block cipher
for the encryption of data that is being transmitted between the two
communicating devices over the internet. This process makes sure that data is
not accessed by unauthorised person when it is being transmitted to another
user.

4. Secure Sockets Layer (SSL) and Transport Layer Security (TLS): SSL and TLS
protocols use block ciphers for encryption of data that is transmitted between
web browsers and servers over the internet. This encryption process provides
security to confidential data such as login credentials, card information etc.


5. Digital Signatures: Block ciphers are used in the digital signature algorithms, to
provide authenticity and integrity to the digital documents. This encryption
process generates the unique signature for each document that is used for
verifying the authenticity and detecting any malicious activity.

2.3. DES (Data Encryption Standard) Cipher Algorithm

Data Encryption Standard (DES):

The Data Encryption Standard (DES) is a symmetric-key block cipher published by
the National Institute of Standards and Technology (NIST).

DES is an implementation of a Feistel Cipher. It uses a 16-round Feistel structure.
The block size is 64 bits. Though the key length is 64 bits, DES has an effective key
length of 56 bits, since 8 of the 64 bits of the key are not used by the encryption
algorithm (they function as check bits only). The general structure of DES is depicted
in the following illustration.

DES Algorithm:

Step 1: 64 bit plain text blocks are handed over to the Initial Permutation (IP)
function.

Step 2: IP is then performed on the plain text.

Step 3: IP produces 2 halves; say Left Plain Text (LPT) and Right Plain Text (RPT),
both of 32 bit each.

Step 4: Perform 16 rounds of encryption process on each (both LPT & RPT) with its
own key.


The encryption process of step 4 is further broken down into five stages. The rounds
are defined as follows in the algorithm:

4A: Key transformation

4B: Expansion Permutation (EP)

4C: S-Box Substitution Permutation

4D: P-Box Permutation

4E: XOR and Swap.

Step 5: LPT and RPT are rejoined finally and a Final Permutation (FP) is performed on
the combined block.

Step 6: The result of this process produces 64-bit cipher text.

Explanation of the algorithm:
1. IP is performed by consulting the IP table. It happens only once, and it happens
before the first round. The IP table specifies how the transposition in IP should
proceed.
2. In the rounds,
Step 1 is key transformation. That is achieved by

1. Shifting the key position by considering the Round Table.
2. Comparing with the Compression Table to get the sub key of 48 bits.

Step 2 is Expansion Permutation (EP). In this step, the 32-bit RPT is expanded to
48 bits, as that is the key length. The process is shown as under:

The 32-bit text is divided into 8 blocks of 4 bits each. Then, by adding 2 extra bits
to each block, where the first bit of block 1 is the last bit of block 8 and the last
bit of block 8 is the first bit of the 7th block, the 48-bit text is obtained.
Diagram for the same is as below:

[Figure: expansion permutation. Input Block 1 (4 bits), Input Block 2 (4 bits), ..., Input Block 8 (4 bits), covering input bits 1 to 32, are expanded to Output Block 1 (6 bits), Output Block 2 (6 bits), ..., Output Block 8 (6 bits), covering output bits 1 to 48.]


After this expansion it will be compared with the Expansion Permutation Table.

Step 3 in Round is S-Box Substitution.

1. This step reduces the 48-bit RPT to 32 bits because LPT is of 32 bits.
2. It accepts 48 bits, does some XOR logic and gives 32 bits.

The 48-bit key (result of Step 1) and the 48 bits of RPT (result of Step 2) are
XORed; the output is a 48-bit input block, which is given as the input
for the S-Box Substitution.

The 48-bit block text will be divided into 8 blocks of 6 bits each.

The decimal equivalent of the first and last bits in a block denotes the row number, and
the decimal equivalent of bits 2, 3, 4 and 5 denotes the column number of the S-Box
Substitution table.

Check the value and take the binary equivalent of the number. The result is a 4-bit
binary number.

For example, if the 6-bit number is 100101, then the first and last bits are 11 and the
decimal equivalent of the number is 3. The remaining bits are 0010 and the decimal
equivalent of the number is 2. If it is the first block of input, then check the 3rd row
2nd column value in the S-box 1 substitution table. It is given as 1 in the table.
Binary equivalent of 1 is 0001.

The 6-bit input 100101 is now reduced to 0001 after S-Box Substitution.


[Figure: S-box lookup for the 6-bit input 1 0 0 1 0 1. Middle bits 0010: Column 2. Outer bits 11: Row 3. Compare 3rd Row 2nd Column in S-box 1. Binary Equivalent: 1 0 0 0.]

[Figure: one round of DES. The Original 64 bit Plain Text Block is split into a 32 bit Left Plain Text Block and a 32 bit Right Plain Text Block. The stages shown are 1. Key Transformation (not involved directly), 2. Expansion permutation, 3. S-box Substitution, 4. P-box Substitution, followed by XOR, giving the 32 bit Left Plain Text Block and 32 bit Right Plain Text Block for the Next Round.]

Step 4 in Round is P-Box Permutation.

In this step, the 32-bit output of the S-Box is permuted using a P-box.
This mechanism involves simple permutation, that is, replacement of each bit with
another bit as specified in the P-Box table, without any expansion or compression.
This is called P-Box Permutation. The P-Box is shown below.

16 7 20 21 29 12 28 17 1 15 23 26 5 18 31 10
2 8 24 14 32 27 3 9 19 13 30 6 22 11 4 25

For example, a 16 in the first block indicates that the bit at position 16 moves to
bit at position 1 in the output.


Step 5 is XOR and Swap

The untouched LPT, which is of 32 bits, is XORed with the resultant RPT, that
is, with the output produced by P-Box permutation. The result of this XOR
operation becomes the new right half. The old right half becomes the new left half in
the process of swapping.

At the end of 16 rounds, the Final Permutation is performed only once. This is a
simple transposition based on the Final Permutation Table.

Step 6: The output of the Final Permutation is the 64-bit encrypted block.

1.4. Multiple Encryptions with DES:

Improving the Security of DES

You can improve the security of DES by performing multiple encryptions,
known as super encryption. The two most common ways of doing this are with
double encryption (Double DES) and with triple encryption (Triple DES).

While double DES appears to add significant security, research has found
some points of attack, and therefore experts recommend Triple DES for applications
where single DES is not adequate.

1. Double DES:

In Double DES, each 64-bit block of data is encrypted twice with the DES
algorithm, first with one key, then with another, as follows:

1. Encrypt with (key 1).
2. Encrypt with (key 2).

Plaintext -> (key1) -> (key2) -> cipher text

Double DES is not significantly more secure than single DES. In 1981,
Ralph Merkle and Martin Hellman published an article in which they outlined a so-
called "meet-in-the-middle attack". The meet-in-the-middle attack is a known
plaintext attack which requires that an attacker have both a known piece of
plaintext and a block of that same text that has been encrypted. (These pieces are
surprisingly easy to get.)

The attack requires storing 2^56 intermediate results when trying to crack a
message that has been encrypted with DES (a total of 2^59 bytes), but it reduces the
number of different keys you need to check from 2^112 to 2^57. "This is still
considerably more memory storage than one could comfortably comprehend, but it's
enough to convince the most paranoid of cryptographers that double encryption is
not worth anything."

In other words, because a message encrypted with DES can be forcibly
decrypted by an attacker performing an exhaustive key search today, an attacker
might also be able to forcibly decrypt a message encrypted with Double DES using a
meet-in-the-middle attack at some point in the future.


2. Triple DES:

This is a known variant of DES and is very easy to implement given an
implementation of DES. Its strength lies in the new key length of 168 bits which
addresses the biggest weakness with standard DES albeit with an unorthodox key
length like standard DES.

The dangers of the Merkle-Hellman meet-in-the-middle attack can be
circumvented by performing three block encryption operations. This method is called
Triple DES. In practice, the most common way to perform Triple DES is:

1. Encrypt with (key1).
2. Decrypt with (key2).
3. Encrypt with (key3).

The advantage of this technique is that it can be backward compatible with
single DES, simply by setting all three keys to be the same value.

To decrypt, reverse the steps:

1. Decrypt with (key3).
2. Encrypt with (key2).
3. Decrypt with (key1).

For many applications, you can use the same key for both key1 and key3
without creating a significant vulnerability. Triple DES appears to be roughly as
secure as single DES would be if it had a 112-bit key.

How secure is this really? Suppose you had an integrated circuit which
could perform one million Triple DES encryptions per second, and you built a
massive computer containing one million of these chips to forcibly try all Triple DES
keys. This computer, capable of testing 10^12 encryptions per second, would require:

2^112 = 5.19 x 10^33 encryption operations

5.19 x 10^33 encryption operations / 10^12 operations/sec
= 5.19 x 10^21 sec
= 1.65 x 10^14 years.

This is more than 16,453 times older than the currently estimated age of the
universe (approximately 10^10 years).

Apparently, barring new discoveries uncovering fundamental flaws or
weaknesses with the DES algorithm, or new breakthroughs in the field of
cryptanalysis, Triple DES is the most secure private key encryption algorithm that
humanity will ever need.

"Meet in the middle" example:

Let us assume that we are given a message M, its encryption C, and double
DES was employed, i.e. C = E_k1(E_k2(M)). One calculates E_k2[M] for all k2 and
stores these values in a hash table. One then computes E^-1_k1[C] for all k1 and looks
for collisions in the hash table that can be investigated further.


This approach uses time at most 2^57, so it is only marginally more expensive
than single DES. On a more pessimistic note, the procedure also uses 2^56 memory,
and that might be harder to come by.
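
The cost figures above (about twice the work of a single key search instead of the square of it) and the backward compatibility of encrypt-decrypt-encrypt Triple DES can be reproduced at small scale. This is an added example, not part of the original notes: E and D are a toy 32-bit cipher with 12-bit keys, assumed here so the whole key space can be enumerated, and the key values and plaintexts are constructed.

```python
KEY_BITS = 12                      # toy key size (DES uses 56 bits)
MASK = 0xFFFFFFFF                  # toy 32-bit block (DES uses 64 bits)
MUL = 0x9E3779B1                   # odd constant, hence invertible modulo 2**32
INV = pow(MUL, -1, 1 << 32)        # its modular inverse (Python 3.8+)

def rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK

def E(k, x):
    # Toy keyed permutation standing in for DES encryption.
    for r in range(4):
        x = rotl(((x ^ k) * MUL + r) & MASK, 7)
    return x

def D(k, y):
    # Exact inverse of E.
    for r in reversed(range(4)):
        y = (((rotl(y, 25) - r) * INV) & MASK) ^ k
    return y

def double_encrypt(k1, k2, m):
    # Same notation as the text: C = E_k1(E_k2(M)).
    return E(k1, E(k2, m))

def meet_in_the_middle(pairs):
    """Return (candidate key pairs, number of single-cipher operations)."""
    (m, c), rest = pairs[0], pairs[1:]
    table, work = {}, 0
    for k2 in range(1 << KEY_BITS):          # E_k2[M] for all k2, stored
        table.setdefault(E(k2, m), []).append(k2)
        work += 1
    found = []
    for k1 in range(1 << KEY_BITS):          # E^-1_k1[C] for all k1
        work += 1
        for k2 in table.get(D(k1, c), []):   # collision in the hash table
            # Confirm each collision against the remaining known pairs.
            if all(double_encrypt(k1, k2, m2) == c2 for m2, c2 in rest):
                found.append((k1, k2))
    return found, work

def ede_encrypt(k1, k2, k3, m):
    # Triple encryption as listed in the text: encrypt, decrypt, encrypt.
    return E(k3, D(k2, E(k1, m)))

def ede_decrypt(k1, k2, k3, c):
    return D(k1, E(k2, D(k3, c)))

K1, K2 = 0x5A3, 0xC17                        # constructed secret keys
PAIRS = [(m, double_encrypt(K1, K2, m)) for m in (0x11111111, 0x22222222)]

if __name__ == "__main__":
    found, work = meet_in_the_middle(PAIRS)
    print("true key pair recovered:", (K1, K2) in found)
    print("cipher operations used:", work, "of", 1 << (2 * KEY_BITS), "key pairs")
    print("EDE with equal keys equals single encryption:",
          ede_encrypt(7, 7, 7, 0x1234) == E(7, 0x1234))
```

With 12-bit keys the search costs 2 x 2^12 cipher operations rather than 2^24, the same ratio as 2^57 against 2^112 for Double DES, which is the reason to use three operations instead of two.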

Breaking DES:

Given a set of known plaintexts and crypto texts, it is possible to analyze the
pairs and so reduce the number of keys it is necessary to check.
Examples of such an approach are:

• Differential cryptanalysis.
• Linear cryptanalysis.

The former algorithm can successfully cryptanalyze DES by seeing 2^47 chosen
plaintexts; the latter algorithm, however, requires ≈ 2^43 message blocks, which is ≈
2^46 bytes, or 64 terabytes.

2.5. IDEA ALGORITHM AND ITS WORKING

IDEA is perceived as one of the strongest cryptographic algorithms. It was
launched in 1990 and underwent certain changes in names and capabilities as
shown in the table.

Year   Name
1990   Proposed Encryption Standard (PES)
1991   Improved Proposed Encryption Standard (IPES)
1992   International Data Encryption Algorithm (IDEA)

One popular email privacy technology known as Pretty Good Privacy (PGP) is
based on IDEA.
1. IDEA is a block cipher.
2. IDEA is reversible like DES, i.e. the same algorithm is used for encryption
and decryption.
3. It uses both confusion and diffusion for encryption.

Algorithm:
1. Consider the input plain text of 64 bits.
2. Divide the input plain text into 4 portions each of size 16 bits (say P1 to P4).
3. Now perform 8 rounds of the algorithm.

A. In each round 6 sub-keys are generated from the original key. Each of the
sub-keys consists of 16 bits. These six sub-keys are applied to the four input
blocks P1 to P4. Thus for the first round, we have 6 keys, say k1 to k6; for the second
round, we have k7 to k12. Finally, for the eighth round we have keys k43 to k48.

B. Multiply, add and XOR the plain text blocks with sub keys.


4. Perform an output transformation using sub-keys.
5. Combine all the 4 blocks of output transformation to get the ciphertext of 64
bits.

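[Figure: IDEA overview. The Input Plain Text (64 bits) is split into P1, P2, P3 and P4, which pass through Round One, Round Two, Round Three and so on, each round labelled with sub-keys K1 ... K6, then through the Output Transformation (4 Sub Key) to give C1, C2, C3 and C4, the Output Cipher Text (64 bits).]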

1. Details of first round in IDEA:

The initial key consists of 128 bits from which 6 sub-keys k1 to k6 are
generated for the first round.

Since k1 to k6 consist of 16 bits each, out of the original 128 bits, the first 96
bits (6 sub-keys * 16 bits per sub – key) are used for the first round. Thus at the end
of the first round, bits 97-128 of the original keys are unused.

2. Details of second round in IDEA:

In the 2nd round, 31 unused bits are used. For the second round we still require (96-
31=65) more bits. But the original key's 128 bits are exhausted.


Now IDEA uses the technique of key shifting. At this stage the original key is
shifted left circularly by 25 bits; that is, the 26th bit of the original key moves to the
first position and becomes the first bit after the shift, and the 25th bit of the original
key moves to the last position and becomes the 128th bit after the shift.

3. Details of one round in IDEA:

1. Multiply P1 and k1.
2. Add P2 and k2.
3. Add P3 and k3.
4. Multiply P4 and k4.
5. XOR the results of steps 1 and 3.
6. XOR the results of steps 2 and 4.
7. Multiply the result of step 5 and k5.
8. Add the results of steps 6 and 7.
9. Multiply the result of step 8 and k6.
10. Add the results of steps 7 and 9.
11. XOR the results of steps 1 and 9.
12. XOR the results of steps 3 and 9.
13. XOR the results of steps 2 and 10.
14. XOR the results of steps 4 and 10.

4. Details of output Transformation:

• The output transformation is a one-time operation. It takes place at the end
of the 8th round.
• It is a 64-bit value divided into 4 sub-blocks (say R1 to R4, each consisting of
16 bits).
Step 1: Multiply R1 and k49.
Step 2: Add R2 and k50.
Step 3: Add R3 and k51.
Step 4: Multiply R4 and k52.

[Figure: output transformation. R1, R2, R3 and R4 are combined with the output sub-keys by Multiply, Add, Add and Multiply to give the four blocks of the Output Cipher Text (64 bit).]
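
The fourteen round steps, the 25-bit key shifting and the output transformation described above, written out as an added Python example (not code from the original notes). The function names are this example's own, and the key and plaintext are the commonly published IDEA test vector; the reference cipher also exchanges the two middle words once more before the output transformation, a detail the step list above leaves out and which the code includes.

```python
MOD_ADD = 1 << 16            # "Add" means addition modulo 2^16
MOD_MUL = (1 << 16) + 1      # "Multiply" means multiplication modulo 2^16 + 1

def mul(a, b):
    # In IDEA's multiplication the all-zero word stands for 2^16.
    r = ((a or MOD_ADD) * (b or MOD_ADD)) % MOD_MUL
    return r % MOD_ADD       # a result of 2^16 is written back as the word 0

def add(a, b):
    return (a + b) % MOD_ADD

def subkeys(key):
    """Derive k1..k52 from a 128-bit integer key: take eight 16-bit words,
    shift the key left circularly by 25 bits, and repeat."""
    ks = []
    while len(ks) < 52:
        ks += [(key >> (112 - 16 * i)) & 0xFFFF for i in range(8)]
        key = ((key << 25) | (key >> 103)) & ((1 << 128) - 1)
    return ks[:52]

def idea_round(p, k):
    """One round; p is (P1, P2, P3, P4) and k holds the six round sub-keys."""
    p1, p2, p3, p4 = p
    s1 = mul(p1, k[0])       # step 1
    s2 = add(p2, k[1])       # step 2
    s3 = add(p3, k[2])       # step 3
    s4 = mul(p4, k[3])       # step 4
    s5 = s1 ^ s3             # step 5
    s6 = s2 ^ s4             # step 6
    s7 = mul(s5, k[4])       # step 7
    s8 = add(s6, s7)         # step 8
    s9 = mul(s8, k[5])       # step 9
    s10 = add(s7, s9)        # step 10
    return (s1 ^ s9, s3 ^ s9, s2 ^ s10, s4 ^ s10)   # steps 11 to 14

def idea_encrypt(block, key):
    """Encrypt one 64-bit integer block under a 128-bit integer key."""
    ks = subkeys(key)
    x = tuple((block >> shift) & 0xFFFF for shift in (48, 32, 16, 0))
    for r in range(8):
        x = idea_round(x, ks[6 * r:6 * r + 6])
    r1, r2, r3, r4 = x
    # Output transformation with k49..k52. The two middle words are taken in
    # exchanged order, as in the reference cipher (not stated in the notes).
    c = (mul(r1, ks[48]), add(r3, ks[49]), add(r2, ks[50]), mul(r4, ks[51]))
    return (c[0] << 48) | (c[1] << 32) | (c[2] << 16) | c[3]

# Commonly published IDEA test vector.
TEST_KEY = 0x00010002000300040005000600070008
TEST_PLAIN = 0x0000000100020003

if __name__ == "__main__":
    print("k1..k8 :", subkeys(TEST_KEY)[:8])
    print("k9     :", hex(subkeys(TEST_KEY)[8]))
    print("round 1:", [hex(w) for w in idea_round((0, 1, 2, 3), subkeys(TEST_KEY)[:6])])
    print("cipher :", hex(idea_encrypt(TEST_PLAIN, TEST_KEY)))
```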


A Symmetric Cryptosystems Comparison Table

Cipher        Security      Speed (486 pc)   Key length
DES           Low           400 kb/s         56 bits
Triple DES    Good          150 kb/s         112 bits
IDEA          good*         200 kb/s         128 bits
Triple IDEA   very good*    ~100 kb/s        256 bits

* The algorithm is believed to be strong
** The algorithm itself is good, but it has a built-in weakness

Questions for practice:
1) Distinguish between block and stream cipher.
2) Explain the algorithm modes in detail. Compare the four different modes.
3) Explain DES, one of the symmetric cryptosystem algorithms, in detail.
4) Explain IDEA and its working in detail.
5) What are the variations of DES? How can they improve the security?
6) Discuss the problems with DES and its variations. Give an example.
7) Compare symmetric cryptosystems and explain the features.

The End
