Cryptography Tools
What It Does
Encrypts and decrypts data using AES-ECB (Electronic Codebook) mode. Each block is encrypted independently.
How to Use It
- Select “Encrypt” or “Decrypt” mode.
- Enter the plaintext or ciphertext.
- Enter or generate an encryption key (128, 192, or 256 bits).
- Click “Encrypt” or “Decrypt”.
Options Explained
| Option | Description |
|---|---|
| Key size | 128, 192, or 256 bits |
| Key encoding | Hex, Base64, or UTF-8 |
| Output encoding | Hex or Base64 for the ciphertext |
Security Recommendations:
- ECB mode should only be used for encrypting single-block random data (e.g., encrypting other keys) or for legacy system compatibility.
- Never use ECB for encrypting structured data, images, or any multi-block plaintext.
- For secure encryption with authentication, use AES-GCM instead.
- Use 32-byte keys (AES-256) for maximum security when ECB must be used.
- Example: The famous "ECB penguin" demonstrates how ECB preserves image structure even when encrypted.
About AES-ECB Mode
AES-ECB (Electronic Codebook) is the simplest AES block-cipher mode of operation. Each 16-byte (128-bit) block of plaintext is encrypted independently with the same key, producing a corresponding ciphertext block. Because blocks are processed in isolation, identical plaintext blocks always produce identical ciphertext blocks, creating recognizable patterns that leak information about the underlying data.
The famous “ECB penguin” image demonstrates this weakness vividly: when a bitmap image is encrypted with ECB, the silhouette of the original image remains clearly visible in the ciphertext. This pattern-preservation makes ECB unsuitable for encrypting structured or repetitive data such as images, documents, or database records.
Despite its weaknesses, ECB mode is still valid for a narrow set of use cases: encrypting a single random block (e.g., wrapping another cryptographic key) or interfacing with legacy systems that mandate ECB. For all general-purpose encryption, prefer AES-GCM (authenticated) or AES-CBC/CTR (confidentiality only).
Common Use Cases
- Encrypting single-block random values such as cryptographic key wrapping
- Interoperability with legacy payment and banking systems that require ECB
- Educational demonstrations of why block-cipher modes matter
- Look-up table encryption where deterministic output is intentional
- Testing and benchmarking raw AES block-cipher performance
What Is AES-ECB?
AES-ECB (Electronic Codebook) is the simplest AES block cipher mode. It encrypts each 128-bit block of plaintext independently using the same key, with no chaining or feedback between blocks. This means identical plaintext blocks always produce identical ciphertext blocks, which leaks structural patterns in the data — the classic demonstration is encrypting a bitmap image where the outline remains visible in the ciphertext. For this reason, ECB is considered insecure for general-purpose encryption and should only be used in specific scenarios like single-block key wrapping or for educational purposes.
Frequently Asked Questions
Why is ECB mode considered insecure?
Because identical plaintext blocks produce identical ciphertext blocks, patterns in the original data are preserved. An attacker can detect repeated content, rearrange blocks, or perform block-substitution attacks without decrypting.
When is it safe to use AES-ECB?
ECB is acceptable only when encrypting a single random block (e.g., key wrapping with AES Key Wrap) or independent random values where no patterns exist. For multi-block data, always use CBC, CTR, or GCM.
Does ECB require an IV or nonce?
No. ECB does not use an initialization vector or nonce. Each block is encrypted independently, which is precisely why it leaks patterns.
Is my data sent to a server?
No. All encryption and decryption runs locally in your browser. No data leaves your device.
All encryption and decryption runs locally in your browser. No data is transmitted to any external server.