#1 TheComet

Posted 26 November 2013 - 10:29 AM

I'm no encryption expert, but I'd like to throw in my thoughts.

1) It would make sense to hash the password before using it to encrypt the data. This way, there will firstly be no significant "visual" differences between weak, medium and strong passwords, and secondly it won't be possible to directly extract the password if you had access to the normal and encrypted versions of the file.

2) I flew over the code, and it seems in order, though a little lacking in comments. The way to use it isn't self-explanatory; perhaps it would make sense to wrap it into a class to provide a more comprehensible front end?

3) I'm trying to see the point of doing it this way as opposed to just XORing everything with a hashed password (which would be faster because there are fewer operations to perform). I honestly don't see the benefit of spinwheeling everything.

In the case of consecutive data being equal, it's very easy to extract the hashed password from a simple XOR operation, whereas your method obfuscates that a little, so maybe that's a plus? However, I feel replacing all of the spinning operations with a simple and fast compression algorithm such as RLE followed by XORing everything would yield higher security than spinwheeling it.
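As an added illustration of point 3 (this is not code from the thread or from the project under review): the hash-then-XOR scheme described above, plus a self-check that makes concrete what the post means by equal consecutive data giving away the hashed password. The password, the 40-byte zero-filled header and the plaintext are constructed for the example.

```python
import hashlib
from typing import Optional


def derive_key(password: str) -> bytes:
    """Hash the password so the key looks the same for weak and strong inputs.
    (SHA-256 is a fast hash, not a password KDF; it does not slow guessing.)"""
    return hashlib.sha256(password.encode("utf-8")).digest()  # 32-byte key


def xor_with_key(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR. Encrypting and decrypting are the same operation."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def key_leaked_by_equal_run(ciphertext: bytes, offset: int, length: int,
                            run_byte: int, key_len: int) -> Optional[bytes]:
    """Self-check for the scheme: if plaintext[offset:offset+length] is one
    repeated byte value, XOR cancels it and each ciphertext byte gives one
    key byte. Returns the whole key once the run covers every key position,
    otherwise None."""
    if length < key_len or offset + length > len(ciphertext):
        return None
    key = bytearray(key_len)
    for i in range(offset, offset + length):
        key[i % key_len] = ciphertext[i] ^ run_byte
    return bytes(key)


def demo(password: str = "correct horse") -> dict:
    """Constructed input: a 40-byte zero-filled header followed by data."""
    key = derive_key(password)
    plaintext = bytes(40) + b"secret contents"
    ciphertext = xor_with_key(plaintext, key)
    leaked = key_leaked_by_equal_run(ciphertext, 0, 40, 0x00, len(key))
    return {
        "round_trip_ok": xor_with_key(ciphertext, key) == plaintext,
        "header_is_key": ciphertext[:32] == key,  # zeros XOR key == key
        "leaked_key_matches": leaked == key,
    }


if __name__ == "__main__":
    print(demo())
```

Once the key stream is known, the rest of the file decrypts with the same XOR, and any other known plaintext segment leaks it the same way; this is the property a reviewer should test for before accepting any home-grown XOR scheme.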

