 |
|
|
|
|
|
||
|
|
||
|
|
||
|
|
|
|
|
|
||
|
|
||
|
|
||
|
|
|
|
|
|||||||||||||||||
Add Forum to Favorites | Send Topic To a Friend | View Forum FAQ | Track this topic |
Last Thread Next Thread |
| One Layer XOR Based Encryption |
|
 |
snowmoon Member since: 11/16/2000 From: Albany, NY |
|||
 Posted - 1/11/2002 10:34:20 AM |
||||
| XOR is a quick and dirty method, but it can be vastly improved with a simple addition. XORing against such a small bit string it bound to be cracked. XOR works best against a large set of random bits. Since truly random bits are ofren hard to come by a psuedo random number would work fairly well too. To keep people on their toes, you could not only use a seed value, but an offset into the psRNG. A small bitstring will be quickly cracked if someone knows the plaintext data ( such as a header or structure ). Throwing a psRNG in makes it just that more interesting for someone tryng to crack the code. |
||||
|
||||
|
Askadar Member since: 11/25/2001 From: Berlin, Germany |
|||
 Posted - 1/11/2002 10:50:44 AM |
||||
| What is a psRNG ? |
||||
|
||||
|
cyn Member since: 7/23/2001 |
|||
|
Posted - 1/11/2002 12:10:37 PM |
||||
| PSeudo-Random Number Generator |
||||
|
||||
|
belingueres Member since: 10/2/2000 From: Argentina |
|||
|
Posted - 1/11/2002 4:15:51 PM |
||||
quote: Yes, this XOR algorithm is suitable to be attacked by a simple statistical analysis on the ciphertext - not very strong with short keylenghts. On the other hand, if the key lenght would be equal (or longer) than the plain text length, then it becomes unbreakable. This is called a "one-time pad". Gabriel |
||||
|
||||
|
kurifu Member since: 9/18/2000 From: Canada |
|||
|
Posted - 1/11/2002 4:22:48 PM |
||||
| You are right, it is of the weaker forms of encryption. If you need something exceptionally secure though I would personally recommend looking at SSL, or 3DES, or even RSA. Though it does present it uses. It can be used to encrypt files for games... very quick to decode the information as it is sucha simple algorithm, and though it does not provide fail safe protection, it does serve as a very good distraction. It is not you everyday game player, hardcore or not, that knows how to even crack an XOR based algorithm. Gamedev's AI Auto-Reply bot. |
||||
|
||||
|
TerranFury Member since: 2/19/2001 |
|||
|
Posted - 1/11/2002 8:06:30 PM |
||||
| To elaborate: XOR every source bit by the corresponding bit in the key, and then by rand(). Seed rand at the beginning of encryption/encryption, either with a constant or a number generated using the key. The simplest way to generate it based on the key is simply to do something like this:
Edited by - TerranFury on January 11, 2002 8:10:08 PM |
||||
|
||||
|
ragonastick Member since: 5/17/2000 From: Sydney, Australia |
|||
|
Posted - 1/12/2002 1:53:36 AM |
||||
| I've seen people who make their keys the same length as the data, except because all they use is the standard rand function, it actually boils down to a 32 bit key (the seed). If someone wants to break into your game, they will. For a single player game, Xor encryption with a 1 byte key is fine, enough so the user who doesn't know what they are doing will not know, but those who actually want to customise will do so, but know that you don't really support it (since you don't release the key). Also, a fancy scheme can be foiled fairly easily because a program is a deterministic system - you need to store the key in your program somewhere, or an algorithm to store the key. Therefore, you must also be storing the decryption algorithm. Personally, I don't bother with encryption (this is for a single player game btw), I just create a file which stores all the files my program needs inside it. Extract those when necessary and that is it. Very easy to crack. Who cares? Trying is the first step towards failure. |
||||
|
||||
|
Beer Hunter Member since: 11/22/2000 From: Canberra |
|||
|
Posted - 1/12/2002 6:06:48 PM |
||||
| Firstly, about communication between two people. "XOR based encryption is essentially one of the most secure". For communication between two people, if you use a one-time pad, it's unbreakable. In order to decrypt it, you'd need to try every possible key combination, and then you'd not only find the original message, but every other possible message of the same length. But if you use a short key, someone can just guess parts of the cleartext (xor's greatest weakness: you can determine the key immediately from the cleartext and encrypted message) until you've found something that makes coherent sense. Anyone heard of Arcanum? Their site's been down for ages, but I'll give the link anyway. One of their challenges was to break a short message encrypted with xor encryption. And it was pretty easy to solve, too. Took me about half an hour, and that was mostly spent writing a program to apply xor encryption to a file. You mentioned PGP. The problem with the RSA cypher is that to generate the public/private key, you need to find two prime numbers, preferably each being larger than 10150. This is not something you want to be doing at realtime in a game. Why do you need such large prime numbers? Because the public key is the product of two prime numbers, and breaking the encryption relies on factorising the public key. A faster method is Diffie-Hellman-Merkle key exchange. First, two numbers with no common factor must be encoded into the program. Let's say we used 7 and 11. Next, the client and server both generate a number. Let's say the client chooses 3 and the server chooses 6. The client calculates 73 (mod 11) = 2, and sends the number 2 to the server. The server calculates 76 (mod 11) = 4, and sends the number 4 to the client. The client calculates 43 (mod 11) = 9, and this is the key. The server calculates 26 (mod 11) = 9, and this is the key. Someone listening in on the connection will not receive enough information to determine the key without brute force. If we'd chosen a sufficiently larger number than 11, then it would be relatively secure. Secondly, about storing data files in an encrypted state. Don't try too hard. The executable is stored on the hacker's computer. The executable contains the information required to decrypt the data. The executable can be traced through with little effort if someone really wants to. And it only takes one person to break the encryption, and then everyone will have access to the original data. |
||||
|
||||
|
jonbell Member since: 10/23/2001 |
|||
|
Posted - 1/13/2002 1:13:51 PM |
||||
| XOR encryption is really easy to break, in general the decrytion key is either at the begining of the file or at the end so you can attack it that way. Another way to go at it is to encrypt a 3 byte file and see what happens. From this really small encrytped file you can see what the encryption program is doing to the size of the file and just attack brute force then to find a way to break the encrption. Sorry to be so negative but the fact is that this form of encryption is pretty useless. As a challenge u can send me your encrypting util and i will return it with an extra program that will decrypt any file encrypted using it  |
||||
|
||||
 |
LessBread Moderator Member since: 12/19/2001 From: Fresno, CA, United States |
|||
|
Posted - 1/14/2002 8:42:54 PM |
||||
| Anyone heard of the "Tiny Encryption Algorithm"? http://vader.brad.ac.uk/tea/tea.shtml 128 bit Fiestel Cipher and it's fast. So fast that it can be implemented in java-script. Even better - it's public domain and there's source code available at the above url - both C and asm. The java-script implementation at the above site is kind of lame - I've revamped it - if any one is interested in seeing it - drop me an email - prionx@juno.com - I'll send you the html/java-script. ‘But truth's a menace, science a public danger.’ Brave New World, Aldous Huxley |
||||
|
||||
|
Anonymous Poster |
|||
 Posted - 1/16/2002 1:20:25 PM |
||||
| What you are all talking about??? xor encryption can be breaked by a very simple proccess, it doesn't matter how long the key. this is not my theory, it's a real fact, anyone who knows the book APPLIED CRYPTOGRAPHY knows what i am talking about. the very first chapter explain how an all-key-length xor breaker can be coded. i also have source( not mine ) that proves that it can be done. |
||||
|
||||
|
nicho_tedja Member since: 2/1/2001 From: Etherworld |
|||
 Posted - 1/18/2002 3:14:33 AM |
||||
| XOR encryption is simply weak. Some characters cannot be encrypted using XOR. If those characters are encrypted with XOR method, the decryption results, instead of returning the original character, will be returning different characters. XOR encryption is fine for text files (readable contents: 0-9, A-Z), but not for binary files. This encryption is extremely dangerous, unless the programmer knows that his encryption key is compatible with all types of characters. In spite of this, some people are correct, XOR encryption is (very) breakable. No matter how many layers you use, your encryption will be just the same, because you're playing with only two numbers here (0 and 1). 100-layered XOR encryption can be decrypted by one encryption key. Consider the following example: 01010011101 <- Original character 11011000110 <- 1st layer encryption key ----------- 10001011011 <- encrypted character after the 1st key 10110110111 <- 2nd encryption key ----------- 00111101100 <- encrypted character after the 2nd key 01101110001 <- decrypted by one single key! ----------- 01010011101 <- Original character Not to count the total digits of the binary numbers above nor their validity, they are used for example only. XOR encryption is highly NOT recommended. Albert |
||||
|
||||
|
jonbell Member since: 10/23/2001 |
|||
|
Posted - 1/18/2002 7:08:31 AM |
||||
| You are actually wrong, XOR encryption can be used to encrypt binary files. An double XOR operation on any ASCII character returns the original binary number. |
||||
|
||||
|
ragonastick Member since: 5/17/2000 From: Sydney, Australia |
|||
|
Posted - 1/18/2002 7:20:50 AM |
||||
quote: Which is why it works with anything. Give an example of a character which will not work with Xor encryption. Because (A Xor B) Xor C = (B Xor A) Xor C = A Xor (B Xor C) it means that multiple layers are condensed to a single layer, so yes that is correct... but I'm not sure that anyone said otherwise. Trying is the first step towards failure. |
||||
|
||||
|
NevF Member since: 2/4/2002 From: Australia |
|||
 Posted - 2/4/2002 5:00:36 AM |
||||
| A very good Cryptograhy library which I strongly recomend to anyone interested in this area is Crypto++ at www.cryptopp.com Not only is Crypto++ a great library it is very well designed C++ which you may be able to learn from. std:disclaimer. I have nothing to do with Crypto++ other than being a user of it. Neville Franks, Author of ED for Windows. www.getsoft.com |
||||
|
||||
| All times are ET (US) |
Last Thread Next Thread |
|
