# Thread: XOR encryption

1. ## XOR encryption

It's just a dummy thread about the simplest encryption algorithm. For example:
Code:
```for I := 1 to Count do
Message[i] := Message[i] xor Key;```
However, in pair with well designed and cryptographically secure pseudo random number generator, XOR encryption might be really strong. For example, if key length is equal to the message length, such cipher is unbreakable. It's called the Verman Cipher.

In simplest form, for example, how to use XOR with pseudo random number generator:
Code:
```{ Initialize the key - this is the password }
RandSeed := Key;
{ Encrypt }
for I := 1 to Count do
Message[i] := Message[i] xor Random(256)```
To be continued...

2. If the key length is equal to the message length, even simpler would be a one time pad:

for I := 1 to Count do
Message[i] := Message[i] xor Key[i];

3. More secure is to change the seed of the Psudo Random numbers at pre-defined stages that are dependant on the key :P

That gives a much bigger/random range for decription.

Then you can link chunks of the decode to create a checksum that in turn changes the seed some more.. the fun is endless.

Trib.

4. BTW, what if implement a data sensitive pseudo random number generator? This one will dynamically update a multiplicative hash XORing the input with it.

The generator is based on a generic byte-oriented multiplicative hash:
Code:
```Ch := Buf[i];

Buf[i] := Ch xor (Hash shr 24);

Hash := (Hash + Ch) * Prime;```

5. A password protected EXE based on such encryption:
test.exe

Actually, it's a funny encryption. If you change one byte somewhere, all followed data become a garbage...

6. Also, we hay mirror the FNV hash here:

Code:
```hash = offset_basis
for each octet_of_data to be hashed
hash = hash xor octet_of_data
hash = hash * FNV_prime
return hash```
BTW, soon, I'll release something with such encryption (EXE or file cryptor). I have lots of tricks and ideas for STRONG and simple encryption.

7. If you're going to use XOR encryption, you should use a PRNG designed to be secure, which is not the case for FMV. A good simple and fast generator is RC4 with the first few hundred bytes discarded.
http://en.wikipedia.org/wiki/RC4

AES in CTR mode might be more secure, i.e. your random stream is AES(key,1), AES(key,2), AES(key,3), etc. Also, you can take a cryptographic hash function H like SHA-256 or Whirlpool and generate a stream x[1]..x[n] using x[0] = 0, x[i] = H(x[i-1], key). I have an example at http://cs.fit.edu/~mmahoney/compression/#sharnd using SHA-1 which so far nobody has broken since I posted the challenge 4 years ago.

All of these can be broken if you aren't careful with your implementation. For example, if you encrypt 2 messages with the same key, an attacker can recover the XOR of 2 messages, which leaks information. You prevent this by adding a nonce (number used once) such as a timestamp or random number and sending it in the clear. Then your stream would be x[i] = H(x[i-1], key, nonce) or such. There are also many less obvious ways you can get an implementation wrong even when using well tested building blocks.

The worst thing you can do is design your own encryption algorithm. I know it's fun, but it's not secure. You can't prove security. The only way to know is to have lots of people try to break it while you give them every possible advantage except knowing the key. For example, you post your design and source code, assume chosen plaintext attacks on supercomputers by the NSA, etc. Before you design your own algorithm I suggest reading a couple books on crypto. Ferguson and Schneier's "Practical Cryptography" is a good start.

8. Just messing around...

Maybe it is possible to create something new...

9. Originally Posted by encode
A password protected EXE based on such encryption:
test.exe

Actually, it's a funny encryption. If you change one byte somewhere, all followed data become a garbage...
It's probably not the original password, but better than nothing. Enter "bdlhvsd" as password.

PS: I just realized that my ModPlug version here is 3 years older than yours.

10. Originally Posted by christoph_hausner
It's probably not the original password, but better than nothing. Enter "bdlhvsd" as password.
Actually, the password is "encode.su"! OK, will add some stronger encryption...

Originally Posted by christoph_hausner
PS: I just realized that my ModPlug version here is 3 years older than yours.
Well, this is a *VERY* old version of MPT (Year 2002).

Newest MPT as OpenMPT can be found at Source Forge!

11. Ugg, ModPlug, far superior trackers are out there you know ;p

12. The same MPTRACK.EXE, but with stronger encryption:

mpt.exe

Try to find the password or something...

13. throwing in some useless ides of my mind

since XOR encryption does not change the file size
why not use the filesize as Salt on the password.

that way to files with same password = different key (unless same size)

and if you have only a part of the file you would get wrong hash.

The bonus is that there is no need to store the hash value and the file is still the exact same size.

#### Posting Permissions

• You may not post new threads
• You may not post replies
• You may not post attachments
• You may not edit your posts
•