Difference between revisions of "Talk:Simple Encryption"

From Second Life Wiki
Jump to navigation Jump to search
(New section: So does this work?)
Line 18: Line 18:
== So does this work? ==
== So does this work? ==


Has this been tested and does it work? Also how secure is it?
Has this been tested and does it work? Also how secure is it? -- {{User|Bobbyb30 Zohari}}
 
:It's safe to assume that if it's been posted on the wiki that it does in fact work. In the scheme of things this algorithm is not very secure, it's essentially a restricted form of polyalphabetic cipher. Polyalphabetic ciphers can be attacked by analyzing letter frequency, first described in "A Manuscript on Deciphering Cryptographic Messages" written in the 9th century. [[llXorBase64StringsCorrect]] works on byte boundaries, if we say that each byte corresponds to an alphabet then the number of rows is the number of bytes in the xor value. XOR restricts the number of possible alphabets per row to 256 instead of the full 256! (8.5e506). -- [[User:Strife Onizuka|Strife Onizuka]] 20:38, 28 February 2008 (PST)

Revision as of 20:38, 28 February 2008

  1. XOR is not encryption.
  2. It is possible to decode the messages without resorting to pure brute force. In addition it is possible to ensure that the decode is in fact the message.
    • Worst case scenario is if the message is the password. Could require 2^128 to try all possibilities (depends what information can be gleaned from the message).
      • If the user can feed the encoder arbitrary strings they can brute force the secret directly. This is possible because the MD5 digests would match and subsequent XOR would result in a 32 nulls.
    • The longer the message the easier it is to determine the XOR.
    • Byte analysis:
      • If the message contains any characters with a value greater then 128 then bit 6 can be determined in the XOR and consequently reduce the choices available to the xor in the affected byte positions.
      • On average about 5.9 bits of information about the XOR can be gleaned from the perpended md5 message digest.
      • If bit 3 can be pinned down the number of available choices is greatly reduced.
  3. Once the message has been decoded, the password can be attacked by bruteforcing the xor.
  4. Once a message has been decoded the XOR can be applied to any message in the future baring the same nonce.

I have several ideas on how to improve the security of this algorithm. -- Strife Onizuka 06:09, 1 January 2008 (PST)

Response to Strive Onizuka

  1. The message digest is stored within the XOR. Q:Should it be clear text? Should the digest even be present, or perhaps a checksum of the digest? --Dedric Mauriac 11:58, 1 January 2008 (PST)
  2. The passkey has now been extended to be as long (or longer) than the message. (one-time pad). --Dedric Mauriac 11:58, 1 January 2008 (PST)

So does this work?

Has this been tested and does it work? Also how secure is it? -- Bobbyb30 Zohari

It's safe to assume that if it's been posted on the wiki that it does in fact work. In the scheme of things this algorithm is not very secure, it's essentially a restricted form of polyalphabetic cipher. Polyalphabetic ciphers can be attacked by analyzing letter frequency, first described in "A Manuscript on Deciphering Cryptographic Messages" written in the 9th century. llXorBase64StringsCorrect works on byte boundaries, if we say that each byte corresponds to an alphabet then the number of rows is the number of bytes in the xor value. XOR restricts the number of possible alphabets per row to 256 instead of the full 256! (8.5e506). -- Strife Onizuka 20:38, 28 February 2008 (PST)