ECB attack to bank transfer

Asked Jun 09 '17 at 18:54

Active May 08 '20 at 16:12

Viewed 157 times

I have a problem with a task from my university. We have two banks and these banks are sending data in ECB mode.

Plaintext and ciphertext look like this:

Plaintext: sender number | reciver number | amount

Ciphertext: block1+block2 | block3+block4 | block5+block6

A hacker made exactly 17 transfers to your account, every time with the same amount. After this he knows the ciphertext for his bank account number, and he can replace the receiver account number in all the transfers, but he still does not know a key.

The question is, why does he need exactly 17 transfers?

IMHO, he needs only two transfers if the key is the same all the time, but maybe I'm not seeing something important.

Could you help me with this? Because I don't know if I am wrong or my teacher is.

edited Jun 10 '17 at 02:07

asked Jun 09 '17 at 18:54

Lucas

The problem with the ECB is that it can just print as much money as it wants ;) – CodesInChaos Jun 09 '17 at 19:02
4

I have no idea where '17' comes from (unless the scenario is more complex than you listed). I'd think 1 transfer would be enough; do one transfer Attacker->Alice, swap the sender and the receiver, and inject thousands of transfers Alice->Attacker... – poncho Jun 09 '17 at 19:03

ECB attack to bank transfer

0 Answers0