Difference between revisions of "LlXorBase64StringsCorrect"

From Second Life Wiki
Jump to navigation Jump to search
m
 
(29 intermediate revisions by 8 users not shown)
Line 1: Line 1:
{{LSL_Function
{{LSL_Function
|func_id=319
|deprecated=llXorBase64
|func_sleep=0.0
|inject-2={{Issues/SVC-289}}{{Issues/SCR-35|fc=*}}
|func_energy=10.0
|func_id=319|func_sleep=0.0|func_energy=10.0
|func=llXorBase64StringsCorrect
|func=llXorBase64StringsCorrect|sort=XorBase64StringsCorrect
|return_type=string
|return_type=string
|sort=XorBase64StringsCorrect
|p1_type=string|p1_name=str1|p1_desc=Base64 string
|p1_type=string|p1_name=str1|p1_desc=Base64 string
|p2_type=string|p2_name=str2|p2_desc=Base64 string
|p2_type=string|p2_name=str2|p2_desc=Base64 string
|func_footnote='''str2''' repeats if it is shorter than '''str1'''. If the inputs are not Base64 strings the result will be erratic. Be sure to read the [[#Notes|Notes]] before designing a cryptographic algorithm.
|func_footnote={{LSLP|str2}} repeats if it is shorter than {{LSLP|str1}}. If the inputs are not Base64 strings the result will be erratic.
|func_desc=Correctly performs an exclusive or on two Base 64 strings.
|func_desc=Correctly performs an exclusive or on two Base 64 strings.
|return_text=that is a Base64 XOR of '''str1''' and '''str2'''.
|return_text=that is a Base64 XOR of {{LSLP|str1}} and {{LSLP|str2}}.
|spec
|spec
|caveats
|caveats=
* During the conversion to a byte array the last <code>(bitcount % 8)</code> are discarded from both {{LSLP|str1}} and {{LSLP|str2}}. See [[#Implementation|Implementation]] for details.
* Considers any null encountered in {{LSLPT|str2}} to mark the end of {{LSLPT|str2}}.
|constants
|constants
|examples=<lsl>default
{
    state_entry(){
       
        // Use a HARD password ! with caps nocaps numbers and symbols !
        string pass = "P4s5Wo_rD";
       
        string data = "I am some ver important data.";
       
        // Enccrypting the data:
        string crypt = llXorBase64StringsCorrect(llStringToBase64(data), llStringToBase64(pass));
       
        // Say the mess you made to Owner
        llOwnerSay(crypt);
       
        // DeCrypting the data and say back to owner:
        llOwnerSay(llBase64ToString(llXorBase64StringsCorrect(crypt, llStringToBase64(pass))));
       
    }
}</lsl>
|helpers
|helpers
|also_functions
|also_functions
|also_events
|also_events
|also_tests
|also_tests
|also_articles=*[[User:SignpostMarv_Martin/LSL2/llXorBase64StringsCorrect|llXorBase64StringsCorrect in PHP]]
|also_articles
|notes=
===Best Practices===
As a cryptographic technique, XOR is weak and there are several attacks that can be leveraged to determine the XOR inputs. Depending upon how the secrets are used cracking a single message could expose the input secrets, resulting in the derived algorithm being broken.
 
Keep your secrets secret. Use a seeded trap door function to shake up the bits of the secret before using with the XOR and change the seed often.
 
Do not XOR a value by two differing length values without knowing the implications. It may seem like a good idea but what it actually does is link the fields. While it will give you a longer key value (the Smallest Common Multiple in length), the fields will be linked such that there are really only as many fields as the Greatest Common Divisor. The number of unique fields determines the theoretical maximum number of keys an attacker has to try.
 
Unique_Key_Fields = Greatest_Common_Divistor(lengths_of_keys) * number_of_keys
 
===Attack Vectors===
First thing you need to know is that XOR is limited poly-alphabetic cipher.
* '''Probability''': In English, letters have different probabilities of occurring because of grammar and spelling rules. XOR does not hide the letter probabilities. This attack only works when the keys is many times smaller then the message.
* '''UTF-8 Rules''': When you convert a string to Base64, UTF-8 encoding is used first. If you assume the inputs are valid UTF-8 encodes some bits can be determined purely upon examination.
* '''Plain Text''': The user captures outputs for known inputs can expose weaknesses in the key.
* '''Brute force''': Attacking the key, secret and/or seed
 
|permission
|negative_index
|cat1=Base64
|cat2=Encoding
|cat3
|cat4
}}
}}

Latest revision as of 23:38, 24 June 2013

Emblem-important.png Deprecated
(This function has been deprecated, please use llXorBase64 instead.)

Summary

Function: string llXorBase64StringsCorrect( string str1, string str2 );

Correctly performs an exclusive or on two Base 64 strings.
Returns a string that is a Base64 XOR of str1 and str2.

• string str1 Base64 string
• string str2 Base64 string

str2 repeats if it is shorter than str1. If the inputs are not Base64 strings the result will be erratic.

Caveats

  • This function has been deprecated, please use llXorBase64 instead.
  • During the conversion to a byte array the last (bitcount % 8) are discarded from both str1 and str2. See Implementation for details.
  • Considers any null encountered in str2 to mark the end of str2.

Important Issues

~ All Issues ~ Search JIRA for related Bugs
Issue Type-Bug.gif Status-Resolved.gif SCR-35 A     llXorBase64StringsCorrect returns wrong result when the 2nd string contains nulls

Examples

Deep Notes

All Issues

~ Search JIRA for related Issues
Issue Type-Bug.gif Status-Resolved.gif SVC-289 A     llXorBase64StringsCorrect zero out last (bitcount % 8) bits of data.
Issue Type-Bug.gif Status-Resolved.gif SCR-35 A     llXorBase64StringsCorrect returns wrong result when the 2nd string contains nulls

Signature

function string llXorBase64StringsCorrect( string str1, string str2 );
Retrieved from "https://wiki.secondlife.com/w/index.php?title=LlXorBase64StringsCorrect&oldid=1179476"