ECB Mode Weakness

The ECB (Electronic Codebook) mode weakness is a fundamental flaw of ECB encryption: identical plaintext blocks encrypted under the same key always produce identical ciphertext blocks. This reveals patterns in the data, making ECB unsuitable for most use cases.

How ECB Works

// Each block encrypted independently
C[i] = Encrypt(P[i], Key)

// No chaining, no IV
// Same input = Same output ALWAYS

The Problem

Plaintext blocks:  [A][B][A][C][A]
Ciphertext blocks: [X][Y][X][Z][X]

// Pattern is visible: blocks 1, 3, 5 are the same
// Attacker learns which plaintext blocks are identical

Famous Example: ECB Penguin

Encrypting an image with ECB mode preserves its visual pattern: regions of identical pixels produce identical ciphertext blocks, so the outline of the image stays recognizable.

Attack Scenarios

  • Detect repeated data (same user actions, passwords)
  • Block reordering attacks
  • Block swapping between users
  • Chosen-plaintext attacks with controlled data

Practical Attack

// Encrypted token layout: role=<role>;name=<username>;time=<timestamp>
// Token for user "bob" with role "user":
[block1: role=user][block2: ;name=bob;][block3: time=...]

// Token for "admin" account observed:
[block1: role=adm][block2: in;name=ad][block3: min;time=]

// Attacker replaces their block1 with admin's block1
// Now has admin privileges!

Prevention

  • Never use ECB for data longer than one block
  • Use CBC, CTR, or GCM mode instead
  • Always use authenticated encryption (GCM)
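
Added example (not from the original page): a standard-library Python check that flags repeated ciphertext blocks, run on the [A][B][A][C][A] layout from "The Problem" and on the same data under a counter-style mode. HMAC-SHA256 truncated to 16 bytes stands in for a block cipher (an assumption so the code runs without third-party libraries; it is not AES and cannot decrypt), and the key, nonce and function names are constructed for illustration.

```python
import hashlib
import hmac
from collections import defaultdict

BLOCK = 16  # bytes, the AES block size


def prf(key, data):
    """Keyed stand-in for a block cipher: deterministic 16-byte output. Not AES."""
    return hmac.new(key, data, hashlib.sha256).digest()[:BLOCK]


def split(data):
    """Cut data into consecutive BLOCK-sized pieces."""
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_like(key, plaintext):
    """C[i] = Encrypt(P[i], Key): each block processed independently, no IV."""
    return b"".join(prf(key, p) for p in split(plaintext))


def ctr_like(key, nonce, plaintext):
    """Counter-style mode: keystream block i = PRF(key, nonce || i), XORed in."""
    out = bytearray()
    for i, p in enumerate(split(plaintext)):
        keystream = prf(key, nonce + i.to_bytes(8, "big"))
        out += bytes(a ^ b for a, b in zip(p, keystream))
    return bytes(out)


def repeated_blocks(ciphertext):
    """Return groups of 1-based block positions holding identical ciphertext."""
    seen = defaultdict(list)
    for idx, block in enumerate(split(ciphertext), start=1):
        seen[block].append(idx)
    return [positions for positions in seen.values() if len(positions) > 1]


# Constructed sample: the page's [A][B][A][C][A] layout, one block per letter.
KEY = b"constructed-demo-key"
PLAINTEXT = b"A" * 16 + b"B" * 16 + b"A" * 16 + b"C" * 16 + b"A" * 16

if __name__ == "__main__":
    print("ECB-like:", repeated_blocks(ecb_like(KEY, PLAINTEXT)))  # [[1, 3, 5]]
    print("CTR-like:", repeated_blocks(ctr_like(KEY, b"nonce-01", PLAINTEXT)))  # []
```

The same `repeated_blocks` check can be pointed at stored ciphertext or tokens during a review: any non-empty result on block-aligned data is a strong sign of ECB or of IV/nonce reuse.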
