How To Double Your Money with Python and AES CTR


Don’t you just love making money? Well, if we use the wrong type of encryption, we could end up with the wrong amount of money being allocated to someone.

So, let’s see if we can double Bob’s money. In this case, Bob will give Alice one dollar, and then she will send a ciphertext message to Trent to pay Bob back. But Eve modifies the encrypted ciphertext so that Bob gets two dollars each time. Eve never knows the encryption key that Alice and Trent are using.

And so Alice encrypts “Pay Bob 1 Dollar” with a secret key and a random salt value, gets a ciphertext of “39dda42138cc4be3b62161f61ff4fe5ef89dbfd6a2e6c8af7884902558ab4cf0”, and sends this to Trent for payment to Bob.

Eve then sneaks in and changes only one part of the ciphertext, giving “39dda42138cc4be3b52161f61ff4fe5ef89dbfd6a2e6c8af7884902558ab4cf0”. When Trent decrypts the ciphertext, he gets “Pay Bob 2 Dollar”, and pays Bob two dollars. Bob is very happy and keeps giving Alice more dollars, and she keeps sending these transactions to Trent. Bob soon becomes a millionaire and shares his earnings with Eve, but Alice has to sell everything: she’s lost everything!

Bit-flipping

You need to beware of bit-flipping in certain modes of AES, including ECB, CBC and CTR. In the following, we flip the…
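The two ciphertexts above differ only at byte 8 (b6 versus b5), a difference of 0x03, which is exactly "1" XOR "2". The sketch below is an added example, not code from the original article: it reproduces that change on a CTR-style stream and then shows Trent rejecting it once the message is authenticated with encrypt-then-MAC. Assumptions: HMAC-SHA256 stands in for the AES block function so the block runs with the standard library only, and all function names are hypothetical.

```python
import hashlib
import hmac
import os

def keystream(key, nonce, n):
    # CTR-style keystream: PRF(key, nonce || counter), one block per counter.
    # Assumption: HMAC-SHA256 stands in for the AES block function.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def ctr_crypt(key, nonce, data):
    # Encryption and decryption are the same XOR with the keystream.
    return bytes(d ^ k for d, k in zip(data, keystream(key, nonce, len(data))))

def flip(ct, index, old, new):
    # Eve's change: XOR (old ^ new) into one ciphertext byte. No key involved.
    out = bytearray(ct)
    out[index] ^= old ^ new
    return bytes(out)

def seal(enc_key, mac_key, data):
    # Encrypt-then-MAC: nonce || ciphertext || HMAC tag over both.
    nonce = os.urandom(12)
    body = nonce + ctr_crypt(enc_key, nonce, data)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def open_sealed(enc_key, mac_key, blob):
    # Verify the tag before decrypting; reject anything that was altered.
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        raise ValueError("authentication failed: ciphertext was modified")
    return ctr_crypt(enc_key, body[:12], body[12:])

if __name__ == "__main__":
    enc_key, mac_key, nonce = os.urandom(32), os.urandom(32), os.urandom(12)
    msg = b"Pay Bob 1 Dollar"  # constructed sample, same text as the article
    ct = ctr_crypt(enc_key, nonce, msg)
    print(ctr_crypt(enc_key, nonce, flip(ct, 8, ord("1"), ord("2"))))  # unauthenticated
    try:
        open_sealed(enc_key, mac_key, flip(seal(enc_key, mac_key, msg), 12 + 8, ord("1"), ord("2")))
    except ValueError as err:
        print("Trent rejects:", err)
```

With real AES, an authenticated mode such as AES-GCM gives Trent the same integrity check in a single primitive.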


Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. Based in Edinburgh. Old World Breaker. New World Creator. Building trust.