When using encryption, a robust algorithm and an acceptable key length is not enough. There are two other very important parameters that are often forgotten: the encryption mode and parameterization of the initialization vector (Initialization Vector, IV). These values are critical when protecting data with a fixed length, such as a personal identification number (Personal Account Number – PAN).
Data Encryption and the Problem with Pattern Generation
The algorithms of Block Encryption y Flow (employees to encrypt fixed and variable length data, respectively) work in a very simple way: receive the data to be protected and the key to encrypt/decrypt it, and employ a routine that changes the order of the data (encryption algorithm). This set is called a cryptosystem:

However, This model has a critical vulnerability: when running encryption routines on a dataset limited in size and relatively similar, using the same algorithm and the same key, patterns can be generated which can be used as part of an attack (cryptanalysis). In the following example, a encryption routine of a block of five consecutive NAP numbers:
- Algorithm: TripleDES
- Key: 59c5b527f37ff7fbbd5b2478 (double length – 128 bits including parity bits)
- Encryption mode: ECB
- Padding: None
- Data to encrypt: 16 decimal characters = 53 bits
- Cryptogram format: Hexadecimal
| 4656543289876520 | 3A70F5A513753CDE9CE209796E5DD990 |
| 4656543289876521 | 3A70F5A513753CDE41CBFF4CACA02930 |
| 4656543289876522 | 3A70F5A513753CDE4906E893316D0F31 |
| 4656543289876523 | 3A70F5A513753CDE9FEA240365279BFD |
| 4656543289876524 | 3A70F5A513753CDE353E392C6BEAE5CF |
As can be seen, in this process a pattern is identified in the first half of the result, caused by the method that TripleDES uses to encrypt the data (divide the data to be encrypted into 64-bit blocks and then encrypt/decrypt/encrypt each block with the associated keys):

In this case, when the data is limited, as in the case of a PAN (whose length is fixed – 16 characters in most cases and its initial digits are widely known as they are associated with the payment marks: 4 for Visa, 5 for MasterCard, etc.) and the encryption key and algorithm are the same, this reuse of elements will affect the final cryptogram creating patterns, as demonstrated above, affecting the security provided by the encryption. Due to this problem (among many others), it was possible to break the encryption of the German machine ENIGMA.
Encryption modes
The case explained above is the simplest of all: Clear text is taken, divided into several blocks of a fixed size and each block is encrypted with the key provided, so two identical blocks of text will result in the same cryptogram. This encryption mode is called Electronic Code Book (ECB):

To avoid this problem, an additional data was added to the encryption process called initialization vector (Initialization Vector – IV). This new element is added to the cryptosystem to add a layer of randomness in the process, preventing two equal blocks of data from generating the same output. Obviously, the key to this process is to ensure that the IV is as random as possible and that it is not reused. In addition, it is important to clarify that the IV should not necessarily be a secret data.
Depending on the format and time at which the IV is used, the NIST defined five (5) modes of encryption for block encryption algorithms, listed in the document. NIST SP 800-38A Recommendation for Block Cipher Modes of Operation: Methods and Techniques:
- Electronic Codebook (ECB), in which each block of text is encrypted independently with the same key.
- Cipher Block Chaining (CBC), in which a random IV is combined with the first block of clear text and its output is combined with the next block to encrypt.
- Cipher Feedback (CFB), in which the initialization vector is encrypted before being combined with the first block of text to encrypt and that output is combined with the next block to encrypt.
- Output Feedback (OFB), similar to CFB, only that the encrypted IV is combined independently with each block of clear text before being encrypted.
- Counter (CTR), in which, instead of using a random IV, a counter is used that is increased during the encryption of each block.
Below is a visual example of the CBC operation:

Indications for safe generation of IV are described in the Appendix C: Generation of Initialization Vectors from NIST document SP 800-38A.
Using the initialization vector prevents the creation of patterns in the generated cryptograms, ensuring that each cryptogram is different regardless of whether the clear text blocks are the same:

If you repeat the encryption process of the block of five consecutive PAN numbers used previously, but this time using CBC and a different IV for each encryption operation, the following results are obtained:
- Algorithm: TripleDES
- Key: 59c5b527f37ff7fbbd5b2478 (double length – 128 bits including parity bits)
- Encryption mode: CBC
- Padding: None
- Data to encrypt: 16 decimal characters = 53 bits
- Cryptogram format: Hexadecimal
| PAN | IV | Cryptogram |
| 4656543289876520 | 671b89995b7be45b | 8bc804dd3c0e395601525f6103e75974 |
| 4656543289876521 | 309bf68859959c0c | f2ff5fadd0cc5332453edc8743d19a1a |
| 4656543289876522 | b991e9fed507d479 | 79b5cc461a4c883e124d93371bf13183 |
| 4656543289876523 | 8623008e355c4725 | b6e57d387f34c2673c805cac92f049bd |
| 4656543289876524 | 661ee80ae9ad932a | 04ac1af1c9e221e8a06e0c555fe4ae99 |
As you can see, by using a random IV in each round of encryption, the resulting data (cryptogram) is different. Even if the same data is encrypted but with different IV, the result will vary, guaranteeing that there will be no patterns:
| PAN | IV | Cryptogram |
| 4656543289876520 | 671b89995b7be45b | 8bc804dd3c0e395601525f6103e75974 |
| 4656543289876520 | 10b57a092c176687 | 1884560ef41e4584d4a7baa5441a4ece |
QSA recommendations
To ensure that the cryptography techniques used for the protection of sensitive data are secure, I recommend taking into account the following points:
- Using a robust encryption algorithm with an acceptable key length, based on industry best practices. In this case, avoid the use of TripleDES and use AES for block encryption.
- Use a secure encryption mode. As discussed above, the use of ECB can lead to the compromise of protected data due to the generation of patterns in cryptograms. However, other encryption modes have also been found to be vulnerable, such as: CBC, engaged in attacks such as Padding Oracle Attack. For this reason, it is suggested to use more secure and recent modes, as is the case of Galois/Counter Mode (GCM).
- Using Initialization Vectors (IV) Safely: For an IV to provide the expected level of security, it must be safely generated (as random as possible) and not reused. The reuse of the IV was what gave way to the commitment of Wired Equivalent Privacy, a security protocol for the protection of wireless networks. In that case, a weak implementation of the encryption algorithm (RC4) was employed along with Short and reused IVs.
- If there are repositories of sensitive data encrypted with algorithms considered weak and with ECB, it is recommended to proceed with the migration of such information to a robust algorithm with a strong encryption mode.
Personally, I recommend the use of 256-bit AES in GCM mode, using Hardware Security Modules (HSMs) trustworthy.