Security Glossary

Cipher Block Chaining (CBC)

An encryption mode where each plaintext block is XORed with the previous ciphertext block before encryption, hiding patterns but vulnerable to certain attacks.

Cipher Block Chaining (CBC) is an encryption mode where each plaintext block is XORed with the previous ciphertext block before encryption. This chains blocks together, preventing the pattern leakage found in ECB mode.

How It Works

Encryption:
C[0] = IV (Initialization Vector)
C[i] = Encrypt(P[i] XOR C[i-1], Key)

Decryption:
P[i] = Decrypt(C[i], Key) XOR C[i-1]

// First block uses IV instead of previous ciphertext

Visual Representation

         P[1]              P[2]              P[3]
          │                  │                  │
          ▼                  ▼                  ▼
IV ──► [XOR] ──► [Encrypt] ─┬─► [XOR] ──► [Encrypt] ─┬─► [XOR] ──► [Encrypt]
                            │                        │
                            ▼                        ▼
                          C[1]                     C[2]                   C[3]

Properties

Identical plaintexts produce different ciphertexts (with different IVs)
Requires padding for non-block-aligned data
Sequential encryption (can't parallelize)
Decryption can be parallelized

Vulnerabilities

Padding Oracle Attack - if padding errors are distinguishable
Bit Flipping Attack - modifying ciphertext affects next block
IV must be unpredictable (random or encrypted counter)

Best Practices

Use random IV for each encryption
Add HMAC for integrity (Encrypt-then-MAC)
Use constant-time padding validation
Consider GCM instead for authenticated encryption