Jump to content

XOR Encryption, how safe is it?


Unity+

Recommended Posts

So, I want to implement some encryption into my webpage in relation to some data pertaining to IP Addresses. I want to use XOR encryption since it seems to be more efficient for smaller strings. However, after researching for a bit, there are apparently ways to crack XOR encryption through pattern recognition. So, is it an encryption method I should use for smaller data?

Link to comment
Share on other sites

So, I want to implement some encryption into my webpage in relation to some data pertaining to IP Addresses. I want to use XOR encryption since it seems to be more efficient for smaller strings. However, after researching for a bit, there are apparently ways to crack XOR encryption through pattern recognition. So, is it an encryption method I should use for smaller data?

 

Depends entirely on what you XOR over your plain text. There's also the construction of your cryptographic system as a whole to consider. Your best bet is to check out http://crypto.stackexchange.com/ and look for AES encryption. Very good place to ask encryption related questions, and you're going to need it, because encryption is very tricky business.

Link to comment
Share on other sites

  • 1 month later...

Xor demands one-time pads. If reusing a pad, even once, the system is completely broken.

 

One-time pads are very inconvenient. As big as the text, so you have to store them somewhere, which is a huge weakness.

 

For any normal use, standard cryptography is much better, and less prone to lost information or lost security.

Link to comment
Share on other sites

Xor demands one-time pads.

That's not true. XOR can be used to mix plain text with the output of a stream cipher (cryptographically secure PRNG). One time pads are in no way a requirement.

 

For any normal use, standard cryptography is much better, and less prone to lost information or lost security.

Standard cryptography uses XOR all the time.

Edited by Thorham
Link to comment
Share on other sites

Xor with a pseudo-random stream has big weaknesses, of which you may not be aware. Essentially, to keep the stream evolving over time but resulting from a key of limited length, the crypto software has to store a status of the stream on the computer for the next time. An attacker who can reset, change or read this status gain all the control over such a crypto method.

 

Or the stream has some method to jump to a distant status without going through the previous ones, and this introduces weaknesses too, especially at related-text and chosen-plaintext cryptanalytic attacks.

 

Other attacks exist, and they are practical. The historic RC2 was such an Xor attempt, and it succumbed early. As a comparison, the Feistel-network DES is still as strong as its key length - which has only become too short.

 

Crypto uses Xor as one elementary operation always mixed with other, nonlinear operations like tables. If not, all symmetrical algorithms would fall immediately to linear analysis, related texts, and pretty much any kind of cryptanalysis attack. This is not the same as Xoring with a one-time pad.

Edited by Enthalpy
Link to comment
Share on other sites

Xor with a pseudo-random stream has big weaknesses, of which you may not be aware. Essentially, to keep the stream evolving over time but resulting from a key of limited length, the crypto software has to store a status of the stream on the computer for the next time. An attacker who can reset, change or read this status gain all the control over such a crypto method.

That kind of thing depends on how you construct your cryptosystem. An example of a setup that doesn't do this is AES-CTR. This encrypts a 16 byte counter + nonce (you can combine a 12 byte nonce and a 4 byte counter) using the encryption key, and XORs the resulting data over the plain text to create the cypher text. The only thing you have to do is make sure that the nonce is unique for each message that is encrypted with the same key. The nonce can literally be anything. Even a time stamp will suffice. The only requirement is uniqueness. It doesn't have to be secret, either, and is actually included in the ciphertext for all to see.

 

It's much more important to make sure that your system is complete and well implemented (the actual encryption is the easy part). What's lacking in the above setup is an authentication method that prevents attackers from changing the encrypted message.

 

Or the stream has some method to jump to a distant status without going through the previous ones, and this introduces weaknesses too, especially at related-text and chosen-plaintext cryptanalytic attacks.

 

A hard requirement for any psuedo random number generator used for encryption is that it's a strong cryptographic PRNG. AES-CTR qualifies as one. There are others, of course. What you're describing is only possible with weak generators, or generators that aren't cryptographic, such as Mersenne Twister or XORShift.

 

Crypto uses Xor as one elementary operation always mixed with other, nonlinear operations like tables. If not, all symmetrical algorithms would fall immediately to linear analysis, related texts, and pretty much any kind of cryptanalysis attack. This is not the same as Xoring with a one-time pad.

 

The problem isn't XOR. The strenght of a cryptosystem depends on multiple factors. What you XOR over the plaintext is one factor. How you generate what you XOR over the plaintext is another factor.

 

If what you XOR over the plaintext is cryptographically strong and generated in the right way, then that part of the cryptosystem is sound (as far as encrypting the data goes, there's still the implementation to worry about, because of side channel attacks).

Edited by Thorham
Link to comment
Share on other sites

  • 2 weeks later...

Salting with the computer's clock is exactly what shall NOT be done.

 

Any malignant website can set your computer's clock to any value - for instance, always the same value, and then your bad crypto software Xors the plaintext always with the same pseudo-random sequence, so any plaintext is recovered by the assaillant just by comparison with one known plaintext, or with a set of partially-known plaintext, say if they're known to be English texts.

 

What you describe seems to come directly from a course or some approximate books. Crypto practice is more difficult than that, and experts have some guidance that let them immediately say "Stop" to some proposals. Salting by the date is on of these no-no that experts don't discuss about any more. Xoring the plaintext with a pseudo-random sequence that isn't truly random is one other. It's just too prone to many types of attacks.

 

Also, you suppose that the symmetric code is strong. With such assumptions, many crypto methods are good. Cryptographs instead use to choose methods that offer some resilience when weaknesses are discovered in the symmetric code. Alas, salting with the clock is the standard example of what must be rejected. When the related-key analysis was found, and previously the related-plaintext, all methods relying of salt that modifies slowly were discarded - the clock proposal is rejected without discussion by experts.

 

In short: do NOT xor the plaintext with a pseudo-random sequence - this exists only in bad books.

Link to comment
Share on other sites

Salting with the computer's clock is exactly what shall NOT be done.

 

Any malignant website can set your computer's clock to any value - for instance, always the same value,

 

Enthalpy, please show source code of website JavaScript/Java/HTML etc. that will let you change computer system time.. Or better host it, and we will be visiting it, and telling what time your script set.. Ok?

 

Whenever they talk about it on the net, saying also "you need to have administrator privileges". f.e.

http://stackoverflow.com/questions/6203857/how-can-i-set-the-system-time-in-java

 

This

http://www.w3schools.com/jsref/jsref_obj_date.asp

is setting Date object time, not entire system time, AFAIK.

 

If code managed to get to level it can execute system commands on attacked machine, hacker can simply download/change source of website and look at how security system has been designed..

Link to comment
Share on other sites

 

Enthalpy, please show source code of website JavaScript/Java/HTML etc. that will let you change computer system time..

 

Are you discovering computers? Hundreds of small applications permit to set the computer's clock. In addition, nearly every OEM Windows computer has only administrator sessions.

 

Link to comment
Share on other sites

 

Are you discovering computers? Hundreds of small applications permit to set the computer's clock. In addition, nearly every OEM Windows computer has only administrator sessions.

 

Then you should have no difficulty with demonstrating one.

Please do so.

Link to comment
Share on other sites

Salting with the computer's clock is exactly what shall NOT be done.

I wasn't talking about salts, I was talking about nonces. These two things are completely different.

 

Any malignant website can set your computer's clock to any value

Only if your system is utterly broken, of course.

 

Salting by the date is on of these no-no

Here you come with salts again. Do you even know what a salt is?

 

the clock proposal is rejected without discussion by experts.

Not necessarily for something that only needs to be unique and will be known by everyone. It was also

just an example of how it doesn't matter what a nonce (NOT salt!!!) actually is, and that the only

requirement is uniqueness.

 

In short: do NOT xor the plaintext with a pseudo-random sequence - this exists only in bad books.

Nonsense. Any cryptographically strong PRNG can be used for encryption. The problem isn't with XOR.

Link to comment
Share on other sites

And once again, people who know less believe to be competent.

 

Atomic Clock Sync sets the compouter's clock, it runs completely normally on a sound Windows

http://download.cnet.com/Atomic-Clock-Sync/3000-18512_4-14844.html

and there are many applications like that one. Why do I need to cite one despite they're so well known?

 

Sorry guys, you are wrong. Even if you were one thousand. You'd better check your claims before making strong and wrong statements.

 

-----

 

Malicious websites or software setting the clock is perfectly known, and this is why any book trying to be serious about cryptography explicitly tells that

- The computer clock shall NOT be used as a random source

- XOR with the plaintext can be done only with a truly random sequence, NOT a pseudo-random one.

 

This is absolutely basic understanding about cryptography. Thorham, your code that relies on the clock has zero security.

 

Cryptography is tricky. People who are not experts better keep their hands off and use standard solutions.

Link to comment
Share on other sites

- The computer clock shall NOT be used as a random source

I wasn't talking about a random source, I was giving an example of nonce generation to show that it

doesn't matter what the nonce actually is. In practice there are obviously situations where using a

datestamp as a nonce is completely safe. However, and I must stress this, you fail to see that it was

an example of how a nonce can by anything as long as it's unique for a particular key. You've basically

missed the point entirely.

 

- XOR with the plaintext can be done only with a truly random sequence, NOT a pseudo-random one.

This is nonsense. There is no problem with XOR and there's no problem with good cryptographic PRNGs.

Where did you even get this from?

Edited by Thorham
Link to comment
Share on other sites

And once again, people who know less believe to be competent.

You have been asked to write by yourself code,

challenged to prove your own words,

code that you were talking about in post #10:

quoting you "Any malignant website can set your computer's clock to any value"..

 

And you failed to do so..

 

But that's no surprise if you really don't see difference between C/C++ compiled code and HTML/JavaScript/Java/CSS etc. opened exclusively by web-browser..

 

Atomic Clock Sync sets the compouter's clock, it runs completely normally on a sound Windows

http://download.cnet.com/Atomic-Clock-Sync/3000-18512_4-14844.html

and there are many applications like that one. Why do I need to cite one despite they're so well known?

 

Sorry guys, you are wrong. Even if you were one thousand. You'd better check your claims before making strong and wrong statements.

I am speechless shocked by amount of your's incompetence..

 

So you really (really?!) don't see difference between application that is executable file, compiled to specific operating system, compiled to specific cpu.. that user installs intentionally on his/her own machine..

 

and remote website, hosted on server machine, that is prepared by hackers, and waiting for victims, to infect their computers (if they manage to).. ?!?

 

 

If hacker will prepare virus that pretends real program (Trojan horse: http://en.wikipedia.org/wiki/Trojan_horse_(computing)), and user will install it by himself/herself, that program obviously can get full access to entire computer, and setting it's clock is one of the most ridiculous things hackers can do with that machine I heard about..

If they already have full control over attacked machine (because user did everything for hackers by installing software), there is no reason to play with system clock..

 

Malicious websites or software setting the clock is perfectly known, and this is why any book trying to be serious about cryptography explicitly tells that

So your "knowledge" about subject is entirely from books that you read,

not your's own experience.

 

And you dare to write to us per "incompetent"..

 

To me, and I trust the all other forum members that read it:

"Any malignant website can set your computer's clock to any value".

means that user-victim, will go to remote website, using web-browser, and just visit it,

without having to install anything from that website..

Edited by Sensei
Link to comment
Share on other sites

Pretty much unless your system is woefully unsecured it won't be possible to change the time remotely. You'd need to get the person to download something and at that point you have simpler options.

 

Main issue would be that the value you are using as your 'random' number would follow a pattern or depending on the time, be the exact same value.

 

you can play around with this here:

http://xor.pw/?

 

 

Note: This is assuming you are using straight system time and not a more convoluted PRNG.

Link to comment
Share on other sites

On a related note, if the data on your computer is important enough to warrant any sort of encryption, then you should use another computer for the sort of web surfing that might lead you to sites that download malware onto your machine.

 

Where I work we have two computer networks and two computers each, for that sort of reason (actually the other way round- they don't want the S/W we write screwing up the important network, but the principle is that same).

 

However, I'm still waiting for an explanation of how the websites I visit might reset my computer's clock without asking me.

Link to comment
Share on other sites

Setting the clock, now from Java? It doesn't look very complicated.

http://www.java-tips.org/other-api-tips/jni/set-the-computer-clock.html

http://abeytom.blogspot.de/2012/12/set-system-time-from-java.html#!/2012/12/set-system-time-from-java.html

 

The PC's clock has never-ever been considered a protected nor sensitive information. And again, most OEM PC have only administrator sessions.

 

----------

 

Any encryption software that takes the clock to start a pseudo-random sequence is at obvious risk of running always the same sequence.

 

This is basics about cryptography. Not using pseudo-random sequences as one-time pads, too. Doing both results in the crypto code having zero strength.

 

The best to do now is give up the arguments, remove the faulty crypto software, and replace it by methods that work: use the symmetric code in codebook mode or chained block mode.

Link to comment
Share on other sites

And again, most OEM PC have only administrator sessions.

 

Your posts are a mixture of incorrect statements, strawman arguments and irrelevant (and dubious) claims like this one: even if a PC is running in superuser/admin mode (but no one concerned about security would do that) then it is potentially vulnerable and it hardly matter swhether you use XOR with a PRNG, 256-biit AES or ROT13.

 

I would recommend anyone reading this thread to ignore Enthalpy's posts as heavy on opinion and low on fact.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.