Results 1 to 13 of 13

Thread: XOR encryption

  1. #1
    The Founder encode's Avatar
    Join Date
    May 2006
    Location
    Moscow, Russia
    Posts
    3,979
    Thanks
    376
    Thanked 347 Times in 137 Posts

    Lightbulb XOR encryption

    It's just a dummy thread about the simplest encryption algorithm. For example:
    Code:
    for I := 1 to Count do
      Message[i] := Message[i] xor Key;
    However, in pair with well designed and cryptographically secure pseudo random number generator, XOR encryption might be really strong. For example, if key length is equal to the message length, such cipher is unbreakable. It's called the Verman Cipher.

    In simplest form, for example, how to use XOR with pseudo random number generator:
    Code:
    { Initialize the key - this is the password }
    RandSeed := Key;
    { Encrypt }
    for I := 1 to Count do
      Message[i] := Message[i] xor Random(256)
    To be continued...

  2. #2
    Member
    Join Date
    Jul 2008
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts
    If the key length is equal to the message length, even simpler would be a one time pad:

    for I := 1 to Count do
    Message[i] := Message[i] xor Key[i];

  3. #3
    Member
    Join Date
    Jun 2008
    Posts
    26
    Thanks
    0
    Thanked 0 Times in 0 Posts
    More secure is to change the seed of the Psudo Random numbers at pre-defined stages that are dependant on the key :P

    That gives a much bigger/random range for decription.

    Then you can link chunks of the decode to create a checksum that in turn changes the seed some more.. the fun is endless.

    Trib.
    Last edited by Tribune; 4th August 2008 at 19:22.

  4. #4
    The Founder encode's Avatar
    Join Date
    May 2006
    Location
    Moscow, Russia
    Posts
    3,979
    Thanks
    376
    Thanked 347 Times in 137 Posts
    BTW, what if implement a data sensitive pseudo random number generator? This one will dynamically update a multiplicative hash XORing the input with it.

    The generator is based on a generic byte-oriented multiplicative hash:
    Code:
    Ch := Buf[i];
    
    Buf[i] := Ch xor (Hash shr 24);
    
    Hash := (Hash + Ch) * Prime;

  5. #5
    The Founder encode's Avatar
    Join Date
    May 2006
    Location
    Moscow, Russia
    Posts
    3,979
    Thanks
    376
    Thanked 347 Times in 137 Posts
    A password protected EXE based on such encryption:
    test.exe

    Actually, it's a funny encryption. If you change one byte somewhere, all followed data become a garbage...

  6. #6
    The Founder encode's Avatar
    Join Date
    May 2006
    Location
    Moscow, Russia
    Posts
    3,979
    Thanks
    376
    Thanked 347 Times in 137 Posts
    Also, we hay mirror the FNV hash here:

    Code:
    hash = offset_basis for each octet_of_data to be hashed hash = hash xor octet_of_data hash = hash * FNV_prime return hash
    BTW, soon, I'll release something with such encryption (EXE or file cryptor). I have lots of tricks and ideas for STRONG and simple encryption.

  7. #7
    Expert
    Matt Mahoney's Avatar
    Join Date
    May 2008
    Location
    Melbourne, Florida, USA
    Posts
    3,255
    Thanks
    306
    Thanked 778 Times in 485 Posts

    Exclamation

    If you're going to use XOR encryption, you should use a PRNG designed to be secure, which is not the case for FMV. A good simple and fast generator is RC4 with the first few hundred bytes discarded.
    http://en.wikipedia.org/wiki/RC4

    AES in CTR mode might be more secure, i.e. your random stream is AES(key,1), AES(key,2), AES(key,3), etc. Also, you can take a cryptographic hash function H like SHA-256 or Whirlpool and generate a stream x[1]..x[n] using x[0] = 0, x[i] = H(x[i-1], key). I have an example at http://cs.fit.edu/~mmahoney/compression/#sharnd using SHA-1 which so far nobody has broken since I posted the challenge 4 years ago.

    All of these can be broken if you aren't careful with your implementation. For example, if you encrypt 2 messages with the same key, an attacker can recover the XOR of 2 messages, which leaks information. You prevent this by adding a nonce (number used once) such as a timestamp or random number and sending it in the clear. Then your stream would be x[i] = H(x[i-1], key, nonce) or such. There are also many less obvious ways you can get an implementation wrong even when using well tested building blocks.

    The worst thing you can do is design your own encryption algorithm. I know it's fun, but it's not secure. You can't prove security. The only way to know is to have lots of people try to break it while you give them every possible advantage except knowing the key. For example, you post your design and source code, assume chosen plaintext attacks on supercomputers by the NSA, etc. Before you design your own algorithm I suggest reading a couple books on crypto. Ferguson and Schneier's "Practical Cryptography" is a good start.

  8. #8
    The Founder encode's Avatar
    Join Date
    May 2006
    Location
    Moscow, Russia
    Posts
    3,979
    Thanks
    376
    Thanked 347 Times in 137 Posts
    Just messing around...

    Maybe it is possible to create something new...

  9. #9
    Member
    Join Date
    Sep 2008
    Location
    Germany
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by encode View Post
    A password protected EXE based on such encryption:
    test.exe

    Actually, it's a funny encryption. If you change one byte somewhere, all followed data become a garbage...
    It's probably not the original password, but better than nothing. Enter "bdlhvsd" as password.

    PS: I just realized that my ModPlug version here is 3 years older than yours.

  10. #10
    The Founder encode's Avatar
    Join Date
    May 2006
    Location
    Moscow, Russia
    Posts
    3,979
    Thanks
    376
    Thanked 347 Times in 137 Posts
    Quote Originally Posted by christoph_hausner View Post
    It's probably not the original password, but better than nothing. Enter "bdlhvsd" as password.
    Actually, the password is "encode.su"! OK, will add some stronger encryption...

    Quote Originally Posted by christoph_hausner View Post
    PS: I just realized that my ModPlug version here is 3 years older than yours.
    Well, this is a *VERY* old version of MPT (Year 2002).

    Newest MPT as OpenMPT can be found at Source Forge!

  11. #11
    Member
    Join Date
    May 2008
    Location
    England
    Posts
    325
    Thanks
    18
    Thanked 6 Times in 5 Posts
    Ugg, ModPlug, far superior trackers are out there you know ;p

  12. #12
    The Founder encode's Avatar
    Join Date
    May 2006
    Location
    Moscow, Russia
    Posts
    3,979
    Thanks
    376
    Thanked 347 Times in 137 Posts

    Exclamation

    The same MPTRACK.EXE, but with stronger encryption:

    mpt.exe

    Try to find the password or something...

  13. #13
    Member
    Join Date
    Sep 2007
    Location
    Denmark
    Posts
    870
    Thanks
    47
    Thanked 105 Times in 83 Posts
    throwing in some useless ides of my mind

    since XOR encryption does not change the file size
    why not use the filesize as Salt on the password.

    that way to files with same password = different key (unless same size)

    and if you have only a part of the file you would get wrong hash.

    The bonus is that there is no need to store the hash value and the file is still the exact same size.
    Last edited by SvenBent; 16th March 2009 at 10:53.

Similar Threads

  1. Idea: Combine Compression & Encryption
    By dirks in forum Data Compression
    Replies: 16
    Last Post: 22nd February 2010, 10:49
  2. interleaving 2x 256bit = 512bit encryption ?
    By SvenBent in forum Data Compression
    Replies: 6
    Last Post: 30th August 2009, 21:20
  3. Swap Encryption
    By encode in forum Data Compression
    Replies: 4
    Last Post: 28th October 2008, 16:55
  4. Simple encryption (RC4 like)
    By encode in forum Forum Archive
    Replies: 37
    Last Post: 26th January 2008, 03:05

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •