Difference between revisions of "Talk:Simple Encryption"
Jump to navigation
Jump to search
(New page: # XOR is not encryption. # It is possible to decode the messages without resorting to pure brute force. In addition it is possible to ensure that the decode is in fact the message. #* Wors...) |
|||
Line 11: | Line 11: | ||
# Once a message has been decoded the XOR can be applied to any message in the future baring the same nonce. | # Once a message has been decoded the XOR can be applied to any message in the future baring the same nonce. | ||
I have several ideas on how to improve the security of this algorithm. -- [[User:Strife Onizuka|Strife Onizuka]] 06:09, 1 January 2008 (PST) | I have several ideas on how to improve the security of this algorithm. -- [[User:Strife Onizuka|Strife Onizuka]] 06:09, 1 January 2008 (PST) | ||
The message digest is stored within the XOR. Should it be clear text? | |||
The passkey has now been extended to be as long (or longer) than the message. (one-time pad). |
Revision as of 11:52, 1 January 2008
- XOR is not encryption.
- It is possible to decode the messages without resorting to pure brute force. In addition it is possible to ensure that the decode is in fact the message.
- Worst case scenario is if the message is the password. Could require 2^128 to try all possibilities (depends what information can be gleaned from the message).
- If the user can feed the encoder arbitrary strings they can brute force the secret directly. This is possible because the MD5 digests would match and subsequent XOR would result in a 32 nulls.
- The longer the message the easier it is to determine the XOR.
- Byte analysis:
- If the message contains any characters with a value greater then 128 then bit 6 can be determined in the XOR and consequently reduce the choices available to the xor in the affected byte positions.
- On average about 5.9 bits of information about the XOR can be gleaned from the perpended md5 message digest.
- If bit 3 can be pinned down the number of available choices is greatly reduced.
- Worst case scenario is if the message is the password. Could require 2^128 to try all possibilities (depends what information can be gleaned from the message).
- Once the message has been decoded, the password can be attacked by bruteforcing the xor.
- Once a message has been decoded the XOR can be applied to any message in the future baring the same nonce.
I have several ideas on how to improve the security of this algorithm. -- Strife Onizuka 06:09, 1 January 2008 (PST)
The message digest is stored within the XOR. Should it be clear text? The passkey has now been extended to be as long (or longer) than the message. (one-time pad).