When using symmetric encryption, repetition is the enemy of security. For the basic stream cipher and block cipher algorithms, an attacker can exploit repetition in either the input or key to gain information about the protected message.

Stream ciphers have a straightforward attack if you encrypt two messages with the same portion of a key stream. Due to the symmetry of encryption and decryption, you can apply the encrypted stream of one message with the encrypted stream of the other message and produce a predictable combination of the input streams. Depending on what you know about the structure of the messages, this may be enough to allow you to untangle the plaintext of each message. Of course, if the attacker controls one of the messages, then they can simply decrypt using the message text to directly obtain the encryption key. The solution to this problem is to never reuse a key stream and regenerate keys when the stream is about to repeat.

Block ciphers have a similar attack when a message contains the same block more than once. Since a particular block value in one message will always encrypt to the same value, it's possible to analyze the repetitions and learn something about the input text. This type of repetition is defeated by chaining the value of the current block of input text with the value of the previous encrypted block using some function. Someone that knows the encryption key can easily undo this process but it's otherwise very difficult to find repetitions because the same encrypted text can be decoded multiple ways depending on the previous blocks. There's nothing with which to chain the first block so many algorithms create a random salt to use for initialization. This salt value is then included in the message for decoding.

Even with these protections, it's still possible for two encrypted blocks to have the same value. The next pair of blocks is then susceptible to analysis because the input value being chained is the same in both cases. Fortunately, this is a rare occurrence with a large enough block size. It just so happens that we've already figured out how likely this is to occur.

Next time: Symmetric Cipher Suites