BiTree
  • Search For Lessons
  • Curriculum
  • Pricing
  • For Educators
  • Become a Tutor
  • About
  • Contact
Log InGet Started

Questions, concerns, bug reports, or suggestions? We read every message, write to us at [email protected].

More ways to reach us →
BiTree

Live coding lessons for aspiring developers and security professionals.

[email protected]

(201) 785-7951

Mon–Fri, 9 AM–5 PM EST

Learn

  • Search For Lessons
  • Curriculum
  • Pricing

Company

  • About
  • For Educators & Schools
  • Become a Tutor
  • Contact Us

Legal

  • Terms of Service
  • Privacy Policy
© 2026 BiTree. All rights reserved.
Curriculum/Cybersecurity/Cryptography/Symmetric Encryption: AES and Modes
45 minIntermediate

Symmetric Encryption: AES and Modes

After this lesson, you will be able to: Use symmetric encryption correctly: AES-256-GCM, block vs stream ciphers, modes of operation, why ECB is broken, and IV/nonce management.

Symmetric encryption uses one shared key for both encryption and decryption and does the bulk-data work in every secure system. This lesson covers AES, block vs stream ciphers, modes of operation, the famous ECB failure, and the rules for IVs and nonces that make or break security.

Prerequisites:What Cryptography Protects (intro)

AES and block vs stream ciphers

AES (Advanced Encryption Standard) is the symmetric cipher used almost everywhere, typically with a 256-bit key (AES-256). A block cipher encrypts fixed-size blocks (AES uses 128-bit blocks); a stream cipher encrypts a byte at a time against a keystream (ChaCha20 is the modern favorite, especially on mobile). Both are secure when used correctly; the failures come from how you chain blocks (the mode) and how you manage nonces.

Modes of operation, and why ECB is broken

A mode defines how a block cipher encrypts data longer than one block. ECB (Electronic Codebook) encrypts each block independently, so identical plaintext blocks produce identical ciphertext blocks, leaking structure (the infamous 'ECB penguin' image is still recognizable after encryption). Never use ECB. CBC chains blocks with an IV but needs separate integrity protection. GCM (Galois/Counter Mode) is the modern default: it encrypts and authenticates in one step (authenticated encryption), so tampering is detected automatically.

AES-256-GCM done right (Web Crypto API)

Authenticated encryption with a random IV per message. Never reuse an IV with the same key.

css
const key = await crypto.subtle.generateKey(
  { name: "AES-GCM", length: 256 }, true, ["encrypt", "decrypt"]);


// A FRESH random IV for every message. Reusing one with the same key is catastrophic.
const iv = crypto.getRandomValues(new Uint8Array(12));
const ciphertext = await crypto.subtle.encrypt(
  { name: "AES-GCM", iv },
  key,
  new TextEncoder().encode("secret message"),
);
// Store iv alongside ciphertext (the IV is not secret, but must be unique).

IV and nonce management

An IV (initialization vector) or nonce makes encrypting the same plaintext twice produce different ciphertext. The rules: it must be unique per message under a given key, it does not need to be secret (store it with the ciphertext), and for GCM, reusing an IV with the same key is catastrophic (it can leak the authentication key and the plaintext). Use a cryptographically random IV (or a guaranteed-unique counter). Most IV failures come from a fixed or repeated nonce.

Quick Check

Why must you never use ECB mode for real data?

Pick the best reason.

Common mistakes only experienced engineers catch

Using ECB because it is the simplest default in a library. Reusing an IV/nonce with the same key (especially in GCM). Encrypting without authenticating (use GCM, or encrypt-then-MAC). Hardcoding or reusing keys. Confusing encryption with encoding (Base64 is not encryption). Rolling your own mode. Storing the key next to the ciphertext with no protection.

Sign in and purchase access to unlock this lesson.

Sign in to purchase
←What Cryptography Protects
Back to Cryptography
Asymmetric Encryption: RSA and ECC→