M4RKYU.SYSEdition 2027
Skip to content
LOCEN/Ontario · CA/▸logs · encrypting with block ciphers a guide to aes cbc and more 31gnStandbyOK/--:--:--EST
M4M4RK_YUportfolio
  • BuildBuild
    BuildOverview
    • WorkSelected case studies and write-ups
    • GamesPlayable prototypes and game-dev logs
  • GalleryGallery
    GalleryOverview
    • PhotosPhoto collections and visual experiments
    • ShopPrints, posters, and one-off objects
  • WritingWriting
    WritingOverview
    • BlogLong-form devlogs and field notes
    • NotesShort observations, links, snippets
  • ResourcesResources
    ResourcesOverview
    • Tools38 in-browser developer utilities
    • LinksDaily-use dev and design bookmarks
  • AboutAbout
  • ContactContact
中文

syndicated · dev.to / @markyu

AES-CBC vs AES-GCM: The Crypto Choice I’d Make Today

A practical block cipher guide for developers explaining AES modes, CBC pitfalls, GCM authentication, IV rules, and what to avoid in production.

Published
May 4 '24
·
Reading time
2 min read
·
Reactions
9
securitycryptographybackendwebdev
View on dev.to

On this page

  • The Quick Map
  • Never Use ECB
  • CBC Needs More Than Encryption
  • Why I Prefer GCM
  • Practical Rules
  • Where Block Ciphers Still Matter
  • Final Thought

Most crypto bugs I have seen were not caused by someone inventing a new cipher.

They were caused by using a good cipher in the wrong mode, reusing an IV, skipping authentication, or copying a Stack Overflow snippet without understanding the contract.

If you are building a normal application in 2026, my default advice is simple:

Prefer authenticated encryption like AES-GCM. Avoid raw AES-CBC unless you know exactly how you will authenticate the ciphertext.

The Quick Map

ModeWhat it gives youMain risk
AES-ECBencryption onlyleaks patterns, avoid it
AES-CBCencryption onlyneeds padding and MAC
AES-CTRstream-like encryptionnonce reuse is dangerous
AES-GCMencryption + authenticationnonce must be unique

The important word is authentication.

Encryption hides content. Authentication tells you whether the ciphertext was modified.

Never Use ECB

ECB encrypts equal plaintext blocks into equal ciphertext blocks.

That means patterns can leak.

same plaintext block  -> same ciphertext block
same plaintext block  -> same ciphertext block

This is why ECB is the classic "do not use this" example.

CBC Needs More Than Encryption

CBC uses an initialization vector:

plaintext + key + IV -> ciphertext

The IV must be unpredictable and unique for the message.

The bigger issue: CBC does not authenticate data by itself.

That means this is incomplete:

ciphertext = AES-CBC-Encrypt(key, iv, plaintext)

You also need a MAC, usually encrypt-then-MAC:

ciphertext = AES-CBC-Encrypt(encKey, iv, plaintext)
tag = HMAC(macKey, iv + ciphertext)

If you skip the MAC, attackers may be able to tamper with ciphertext and learn things from error behavior.

Why I Prefer GCM

AES-GCM gives encryption and authentication together:

plaintext + key + nonce + aad -> ciphertext + tag

You still need to manage nonces correctly, but the API nudges you toward the right model.

Node.js example:

import crypto from "node:crypto";

const key = crypto.randomBytes(32); // AES-256
const iv = crypto.randomBytes(12);  // recommended GCM nonce size

const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
const ciphertext = Buffer.concat([
  cipher.update("secret message", "utf8"),
  cipher.final(),
]);
const tag = cipher.getAuthTag();

console.log({ iv, ciphertext, tag });

Decrypt:

const decipher = crypto.createDecipheriv("aes-256-gcm", key, iv);
decipher.setAuthTag(tag);

const plaintext = Buffer.concat([
  decipher.update(ciphertext),
  decipher.final(),
]);

console.log(plaintext.toString("utf8"));

If the ciphertext or tag is modified, decryption fails.

That is exactly what you want.

Practical Rules

  • Do not use ECB.
  • Do not hardcode keys.
  • Do not reuse GCM nonces with the same key.
  • Do not store encryption keys beside encrypted data.
  • Do not invent your own padding or MAC scheme.
  • Use high-level libraries when possible.

Where Block Ciphers Still Matter

You may hit this when building:

  • encrypted backups
  • secure tokens
  • internal secrets tooling
  • file encryption
  • compliance-heavy backend systems

For normal password storage, do not use AES. Use a password hashing algorithm such as Argon2, bcrypt, or scrypt.

That distinction is important:

password storage -> hash
data secrecy     -> encryption

Final Thought

Crypto code should be boring. If your encryption design feels clever, slow down.

For most application work, AES-GCM or a trusted high-level library is the safer path than hand-rolling AES-CBC with padding and MAC logic.

Have you ever had to review encryption code in an application backend?

Related reading

Next.js Images Without CLS: My LQIP Blur-Up Setup

A practical Next.js image optimization guide for zero CLS layouts, blur placeholders, dimensions, remote images, and production image hygiene.

nextjs

Bad Data Quality Costs More Than a Slow Query

A practical data quality guide for engineers: validation, ownership, schema drift, observability, and fixing bad data before dashboards lie.

data

Network Address Calculation: The Subnet Math That Matters

A practical subnetting guide showing how to calculate a network address from an IP address and mask using binary math and simple examples.

networking

originally published

This post first ran on dev.to. Comments and reactions live there.

Continue on dev.to
PreviousSustainable Cloud Design Starts With Boring Cost SignalsA practical cloud sustainability guide for developers: right-sizing, autoscaling, regions, storage lifecycle, carbon-aware thinking, and cost visibility.
Back to all posts
NextKubernetes Is Useful, but Only After These Basics HurtA practical Kubernetes guide for developers: pods, deployments, services, config, scaling, and when not to introduce Kubernetes too early.
Back to archive
M4RKYUM4RKYUM4RKYUM4RKYUM4RKYUM4RKYUM4RKYUM4RKYU
Crafted since 2024
ZhenXiao Mark YuZhenXiao Mark Yu
get in touch

Saw something here?Tell me about it.

It's a portfolio, not a service · but I read every note — drop a line if anything here resonated, or just to say hi.

Start a conversation
open channel

say hi anytime · 2026

--:--:--ESTOntario, Canada
  • Email
  • GitHub
  • dev.to
  • LinkedIn
  • Twitter / X
  • Instagram
  • Facebook
  • YouTube
  • CodePen
  • Spotify
  • Snapchat

Newsletter

Get the occasional dispatch

Notes and logs from m4rkyu.com — short, dated, no noise. Unsubscribe anytime.

Work

Production builds, games, and visual archives.

  • Projects
  • Games
  • Archive
  • Logs

Resources

Daily-use tools and a personal link library.

  • Search
  • Latest
  • Tools
  • Links
  • Notes
  • Topics
  • Shop
RSSJSON feed

Studio

Background, contact, and channels for collaboration.

  • About
  • Contact
  • Changelog
  • Colophon
  • Resumepending

Socials

Find me on the usual feeds.

  • GitHub
  • dev.to
  • LinkedIn
  • Twitter / X
  • Instagram
  • Facebook
  • YouTube
  • CodePen
  • Spotify
  • Snapchat
  • Email
© 2026 ZhenXiao Mark Yumarkyu0615@gmail.com
  • Email
  • GitHub
  • dev.to
  • LinkedIn
  • Twitter / X
  • Instagram
  • Facebook
  • YouTube
  • CodePen
  • Spotify
  • Snapchat
PrivacyTermsBuilt with Next.js 16 · React 19 · Tailwind 4