| View previous topic :: View next topic |
| Author |
Message |
alechiko
Guru
Joined: 01 Feb 2004
Posts: 465
Location: Inside piano, do not disturb.
|
 Posted: Sun Nov 27, 2005 2:59 am Post subject: XOR encryption/decryption. |
 |
|
Does anyone know of any packages available that can carry out XOR encryption and decryption?
_________________
None |
|
| Back to top |
|
 |
tgh
Apprentice
Joined: 05 Oct 2005
Posts: 222
|
| Posted: Sun Nov 27, 2005 3:12 am Post subject: |
|
|
For what purpose?
Protecting contents of files? Protecting entire filesystems (loopback encryption I think)?
gawk includes an xor() function, but I don't know if it would do what you need. (And xor encryption is very weak.) |
|
| Back to top |
|
|
sundialsvc4
Guru
Joined: 10 Nov 2005
Posts: 436
|
| Posted: Sun Nov 27, 2005 9:49 pm Post subject: |
|
|
| If you really want to protect files, then use real encryption, such as what's provided by gpg. |
|
| Back to top |
|
|
nielchiano
Veteran
Joined: 11 Nov 2003
Posts: 1287
Location: 50N 3E
|
| Posted: Tue Jun 06, 2006 1:17 pm Post subject: |
|
|
| sundialsvc4 wrote: | | If you really want to protect files, then use real encryption, such as what's provided by gpg. |
Sorry, but I NEED to add this:
XOR is the only unbreakable encryption, IF IT IS DONE CORRECTLY.
if you XOR your data with a one-time-pad, it's unbreakable |
|
| Back to top |
|
|
guero61
l33t
Joined: 14 Oct 2002
Posts: 811
Location: Behind you
|
| Posted: Tue Jun 06, 2006 1:45 pm Post subject: |
|
|
| nielchiano wrote: | | if you XOR your data with a one-time-pad, it's unbreakable |
If your OTP is of equal size or larger than your data, that is, and if you have a truly (not "sufficiently") random OTP.
GPG, AES-CRYPT, et. al. all perform XOR transforms on your data, they've just worked out sufficiently strong algorithms that overcome the need to have a massive keyspace. As long as your key is secure, I can't see any reason you'd need more than AES-256; yes, someone can "still" crack it, but they would have to be extraordinarily well-funded. If a US-Govt. approved cipher makes you feel uncomfortable (even though Schneier espouses it), maybe look at some of the other international AES candidates. |
|
| Back to top |
|
|
nielchiano
Veteran
Joined: 11 Nov 2003
Posts: 1287
Location: 50N 3E
|
| Posted: Tue Jun 06, 2006 1:54 pm Post subject: |
|
|
| guero61 wrote: | | nielchiano wrote: | | if you XOR your data with a one-time-pad, it's unbreakable |
If your OTP is of equal size or larger than your data, that is, and if you have a truly (not "sufficiently") random OTP.
GPG, AES-CRYPT, et. al. all perform XOR transforms on your data, they've just worked out sufficiently strong algorithms that overcome the need to have a massive keyspace. As long as your key is secure, I can't see any reason you'd need more than AES-256; yes, someone can "still" crack it, but they would have to be extraordinarily well-funded. If a US-Govt. approved cipher makes you feel uncomfortable (even though Schneier espouses it), maybe look at some of the other international AES candidates. |
I completely agree with you... but I just wanted to note that XOR is not ALWAYS bad. |
|
| Back to top |
|
|
guero61
l33t
Joined: 14 Oct 2002
Posts: 811
Location: Behind you
|
| Posted: Tue Jun 06, 2006 2:25 pm Post subject: |
|
|
| Understood. I am unaware of a program that does this in a responsible manner (doesn't try to perform the entire transform in memory), but one should be rather trivial to write, even in a scripting language like perl. I'll see if I can throw down a decent POC. |
|
| Back to top |
|
|
guero61
l33t
Joined: 14 Oct 2002
Posts: 811
Location: Behind you
|
| Posted: Tue Jun 06, 2006 4:40 pm Post subject: |
|
|
| POC not coming - not enough time to write a *good* one or support it. Started a quick Perl one, but ran into the issue that the '^' operator wants to concatenate strings, not XOR them. Ended up packing them into bit strings, but it's ugly and nothing I want to publish. |
|
| Back to top |
|
|
|
Networking & Security
