Difference between revisions of "Talk:Simple Encryption"
Line 12: | Line 12: | ||
I have several ideas on how to improve the security of this algorithm. -- [[User:Strife Onizuka|Strife Onizuka]] 06:09, 1 January 2008 (PST) | I have several ideas on how to improve the security of this algorithm. -- [[User:Strife Onizuka|Strife Onizuka]] 06:09, 1 January 2008 (PST) | ||
The message digest is stored within the XOR. Should it be clear text? | # The message digest is stored within the XOR. Q:Should it be clear text? Should the digest even be present, or perhaps a checksum of the digest? ---- | ||
The passkey has now been extended to be as long (or longer) than the message. (one-time pad). | # The passkey has now been extended to be as long (or longer) than the message. (one-time pad). ---- |
Revision as of 11:55, 1 January 2008
- XOR is not encryption.
- It is possible to decode the messages without resorting to pure brute force. In addition it is possible to ensure that the decode is in fact the message.
- Worst case scenario is if the message is the password. Could require 2^128 to try all possibilities (depends what information can be gleaned from the message).
- If the user can feed the encoder arbitrary strings they can brute force the secret directly. This is possible because the MD5 digests would match and subsequent XOR would result in 32 nulls.
- The longer the message the easier it is to determine the XOR.
- Byte analysis:
- If the message contains any characters with a value greater than 128 then bit 6 can be determined in the XOR and consequently reduce the choices available to the XOR in the affected byte positions.
- On average about 5.9 bits of information about the XOR can be gleaned from the prepended MD5 message digest.
- If bit 3 can be pinned down the number of available choices is greatly reduced.
- Once the message has been decoded, the password can be attacked by brute-forcing the XOR.
- Once a message has been decoded, the XOR can be applied to any message in the future bearing the same nonce.
I have several ideas on how to improve the security of this algorithm. -- Strife Onizuka 06:09, 1 January 2008 (PST)
- The message digest is stored within the XOR. Q: Should it be clear text? Should the digest even be present, or perhaps a checksum of the digest?
- The passkey has now been extended to be as long (or longer) than the message (one-time pad).
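The nonce-reuse point in the list above, as an added example that is not part of the original discussion or of the Simple Encryption script: it shows why a per-message nonce must never repeat under an XOR scheme. The keystream construction (chained MD5 over secret and nonce), the function names and the sample messages are all assumptions made up for the illustration.

```python
import hashlib

def keystream(secret: bytes, nonce: bytes, length: int) -> bytes:
    """Assumed construction: MD5 blocks chained from secret + nonce."""
    out = b""
    block = hashlib.md5(secret + nonce).digest()
    while len(out) < length:
        out += block
        block = hashlib.md5(secret + block).digest()
    return out[:length]

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encode(secret: bytes, nonce: bytes, message: bytes) -> bytes:
    """XOR the message with a keystream derived from secret and nonce."""
    return xor_bytes(message, keystream(secret, nonce, len(message)))

def keystream_from_known(ciphertext: bytes, plaintext: bytes) -> bytes:
    """ciphertext XOR plaintext yields the keystream; the secret is not needed."""
    return xor_bytes(ciphertext, plaintext)

def demo():
    # Constructed sample data, equal length for simplicity.
    secret = b"constructed-secret"
    known = b"status: door locked at 06:09"
    other = b"status: door open at 11:55!!"

    c_known = encode(secret, b"0001", known)
    c_reused = encode(secret, b"0001", other)   # nonce repeated
    c_fresh = encode(secret, b"0002", other)    # nonce changed

    ks = keystream_from_known(c_known, known)
    # With a repeated nonce the second message decodes without the secret.
    reused_result = xor_bytes(c_reused, ks)
    # With a fresh nonce the same keystream produces only noise.
    fresh_result = xor_bytes(c_fresh, ks)
    return other, reused_result, fresh_result

if __name__ == "__main__":
    other, reused_result, fresh_result = demo()
    print("nonce reused :", reused_result)
    print("nonce fresh  :", fresh_result)
```

A unique nonce per message limits the damage of one decoded message to that message only; it does not address the other points in the list.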