Talk:Simple Encryption
Revision as of 15:10, 28 February 2008 by Bobbyb30 Zohari (New section: So does this work?)
- XOR is not encryption.
- It is possible to decode the messages without resorting to pure brute force. In addition it is possible to ensure that the decode is in fact the message.
- Worst case scenario is if the message is the password. Could require 2^128 to try all possibilities (depends what information can be gleaned from the message).
- If the user can feed the encoder arbitrary strings they can brute force the secret directly. This is possible because the MD5 digests would match and the subsequent XOR would result in 32 nulls.
- The longer the message the easier it is to determine the XOR.
- Byte analysis:
- If the message contains any characters with a value greater than 128 then bit 6 can be determined in the XOR and consequently reduce the choices available to the XOR in the affected byte positions.
- On average about 5.9 bits of information about the XOR can be gleaned from the prepended MD5 message digest.
- If bit 3 can be pinned down the number of available choices is greatly reduced.
- Once the message has been decoded, the password can be attacked by brute-forcing the XOR.
- Once a message has been decoded the XOR can be applied to any message in the future bearing the same nonce.
I have several ideas on how to improve the security of this algorithm. -- Strife Onizuka 06:09, 1 January 2008 (PST)
Response to Strife Onizuka
- The message digest is stored within the XOR. Q: Should it be clear text? Should the digest even be present, or perhaps a checksum of the digest? --Dedric Mauriac 11:58, 1 January 2008 (PST)
- The passkey has now been extended to be as long (or longer) than the message. (one-time pad). --Dedric Mauriac 11:58, 1 January 2008 (PST)
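Added example (not code from this page or from either poster): a Python sketch of the point above that a decoded message gives away the XOR for every later message bearing the same nonce, however long the pad is. The MD5(secret + nonce + counter) keystream is an assumed stand-in, not the algorithm under discussion, and all names and sample messages are constructed.

```python
import hashlib

def keystream(secret: bytes, nonce: bytes, length: int) -> bytes:
    """Assumed construction: concatenated MD5(secret || nonce || counter) blocks."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.md5(secret + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def xor_bytes(a: bytes, b: bytes) -> bytes:
    # zip() stops at the shorter input, so a longer pad is simply truncated.
    return bytes(x ^ y for x, y in zip(a, b))

def encode(secret: bytes, nonce: bytes, message: bytes) -> bytes:
    # XOR is its own inverse, so the same call also decodes.
    return xor_bytes(message, keystream(secret, nonce, len(message)))

def recover_xor(known_plain: bytes, cipher: bytes) -> bytes:
    """One decoded message is enough to reveal the XOR pad for that nonce."""
    return xor_bytes(known_plain, cipher)

def demo() -> dict:
    secret = b"constructed-secret"            # constructed sample values
    nonce_a, nonce_b = b"nonce-0001", b"nonce-0002"
    known = b"greeting: hello from region A"  # message that has been decoded
    later = b"meeting moved to 9pm"           # later message, never seen in clear

    c_known = encode(secret, nonce_a, known)
    c_reused = encode(secret, nonce_a, later)  # same nonce: same pad
    c_fresh = encode(secret, nonce_b, later)   # new nonce: new pad

    pad = recover_xor(known, c_known)          # no knowledge of the secret needed
    return {
        "later": later,
        "reused_nonce": xor_bytes(c_reused, pad),
        "fresh_nonce": xor_bytes(c_fresh, pad),
    }

if __name__ == "__main__":
    r = demo()
    print("reused nonce ->", r["reused_nonce"])
    print("fresh nonce  ->", r["fresh_nonce"])
```

The recovered pad only covers as many bytes as the decoded message, so the scheme needs a nonce that never repeats under one secret, and the receiver should reject any nonce it has already seen.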
So does this work?
Has this been tested and does it work? Also, how secure is it?