[VB] Advanced Xorcryption

[Joe]

Yeah, I haven't given up yet. This thing is pretty good, actually.

The key is 256 characters long. The thing about this that is different from roasting, is the key position changes depending on the value (un xor-d) of the byte before. You always start at 1, so its still decryptable. This isn't as secure as AES/DES/whatever, because you can still create messages using a public key (there is no private key, actually), but oh well, its more secure than plain text.

The GetKey function is just for debugging purposes, really. You should probably exchange random keys.

http://www.javaop.com/~joe/VB6/Xorcrypt.zip

[iago]

I don't feel like looking at it, VB is too painful to read.  But here's a quote from some guy regarding a cryptographic cipher based on MD5, I especially like the part about the free t-shirt:

ARCS is a simple stream cipher. The key generation is done using
MD5 and MD5 is today considered to be pretty weak and to be
avoided if possible unless it is _strictly_ used for hashing
purposes (and honestly, if you do need hashing for anything
else that checking a download has been done properly with
no corruption, please move to something better like RIPEMD-160
or SHA-256).

This "cipher" is using as base a hashing method. It can be
done of course, and there are plenty examples of transforming
hashing into cipher (this requires modifications..) and the
MD5 being pretty weak today, using it for a cipher is a
bad idea.

Don't use a cipher whose strenght is resting on MD5.

Honestly, who is going to use a cipher which is under
copyright and can't be used freely and is based on MD5
which is to be avoided as much as possible for hashing
purposes (unless you only need it to check for corruption)
and especially for any cipher.

No cryptoanalyst or cryptographer has spent or will
spend any time over this algorithm. We have AES-256
which has been extensively cryptoanalyzed by the best
public cryptographers in this world and which is freely
available for any use.

I strongly suggest to avoid ARCS and keep with properly
cryptoanalyzed ciphers : AES, Blowfish, Cast, Twofish..

The publication of this so called "cipher" on Packetstorm
also shows this :

"... The authors hope that someone will try to break this cipher
and welcome all attempts and added research. Be forewarned,
commercial use of this algorithm is forbidden without the Authors'
consent."

Yeah. Sure. Everybody is going to move from good ciphers
that went under years of cryptoanalysis for a cipher which
is based on MD5 considered almost broken for hashing, and
be restricted in any commercial use ? This should be a joke.

Even more fun :

"If you successfully crack this file that was encrypted with
A.R.C.S., Packet Storm will send you a free t-shirt..."

Get a life please. Stop trying to do crypto.
You've got one foot in the snake-oil square and another
one on a broken tile with a deep hole below.

Offering people to "break" something does not prove anything.
Because no one breaks it only means one thing : no one
care to break it.

Do you believe cryptographers with years of knowledge
and work are going to do a cryptanalysis of that "cipher"
for a t-shirt ? You'd have to pay them several hundred
of dollars per hour for any serious cryptanalysis work
and honestly they would not even do it knowing it's resting
upon MD5.

Do not use ARCS. Keep to AES, Blowfish and go subscribe
yourselves to Bruce Schneier's excellent Cryptogram.

This ARCS ballon is so full of air we should tell Bruce
about it so he'll explain better in the next Crytogram.

Sorry for being rude to the ARCS authors but I'm fed
of pseudo-crypto attemps and BS.

[Sidoh]

LMFAO!!!

[Joe]

<3.