Author Topic: [Java] Keyed XOR cipher implementation..  (Read 17530 times)

0 Members and 1 Guest are viewing this topic.

Offline Joe

  • B&
  • Moderator
  • Hero Member
  • *****
  • Posts: 10319
  • In Soviet Russia, text read you!
    • View Profile
    • Github
[Java] Keyed XOR cipher implementation..
« on: June 24, 2006, 07:38:35 pm »
I think this one is actually secure, because as far as I can see, it's impossible to decrypt it without the key, and you can't guess the next byte of the message without knowing the one before it. I can explain it if you have a question, but for now, here's the code:

Code: [Select]
public class Xorcryption
{
/**
Testing method
*/
public static void main(String args[])
{
String message = "This is an test message.";
String key = "00112233445566778899";
printStringHex(message); // Hex before encrypting
message = xorEncode(message, key);
printStringHex(message); // Hex after encrypting
message = xorDecode(message, key);
printStringHex(message); // Hex after decrypting
System.out.println(message);
}

/**
Prints a string in hex.
*/
private static void printStringHex(String s)
{
for(int i = 0; i < s.length(); i++)
{
System.out.print(Integer.toHexString((int)s.charAt(i)) + " ");
}
System.out.println();
}

/**
Encodes a string
@param data Data to encode
@param key Key to encode with
*/
public static String xorEncode(String data, String key)
{
byte m_cData[] = data.getBytes();
byte m_cKey [] = key .getBytes();

int keyPointer = 0;
for(int i = 0; i < m_cData.length; i++)
{
m_cData[i] ^= m_cKey[keyPointer];
keyPointer += m_cData[i];
keyPointer %= m_cKey.length;
}

return new String(m_cData);
}

/**
Decodes a string
@param data Data to decode
@param key Key to decode with
*/
public static String xorDecode(String data, String key)
{
byte m_cData[] = data.getBytes();
byte m_cKey [] = key .getBytes();

// This was a little interesting to code, because by the time
// we increase the keyPointer, what we have to increase it by
// is already destroyed by the line above it. Therefore, we
// have to set keyPointerAdd before we decrypt the byte that
// holds what's added to the pointer.
int keyPointer = 0;
byte keyPointerAdd = 0;
for(int i = 0; i < m_cData.length; i++)
{
keyPointerAdd = m_cData[i];
m_cData[i] ^= m_cKey[keyPointer];
keyPointer += keyPointerAdd;
keyPointer %= m_cKey.length;
}

return new String(m_cData);
}

}

Note: If you're actually going to use it, you can exclude main and printStringHex and use it all staticly (is that a word?).
I'd personally do as Joe suggests

You might be right about that, Joe.


Offline AntiVirus

  • Legendary
  • x86
  • Hero Member
  • *****
  • Posts: 2521
  • Best
    • View Profile
Re: [Java] Keyed XOR cipher implementation..
« Reply #1 on: June 24, 2006, 07:45:22 pm »
Quote
String message = "This is an test message.";
Typo!! "This is a test message."

:P
The once grove of splendor,
Aforetime crowned by lilac and lily,
Lay now forevermore slender;
And all winds that liven
Silhouette a lone existence;
A leafless oak grasping at eternity.


"They say that I must learn to kill before I can feel safe, but I rather kill myself then turn into their slave."
- The Rasmus

Offline Joe

  • B&
  • Moderator
  • Hero Member
  • *****
  • Posts: 10319
  • In Soviet Russia, text read you!
    • View Profile
    • Github
Re: [Java] Keyed XOR cipher implementation..
« Reply #2 on: June 24, 2006, 08:19:13 pm »
My bad. Originally it was "This is an encoded message", but when I thought about it, I knew someone would make fun of me for still calling it encoded after decoding it, so I changed it to test, totally oblivious to the fact that I had "an". Yet another reason why the rules of English are horrible, IMO.
I'd personally do as Joe suggests

You might be right about that, Joe.


Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: [Java] Keyed XOR cipher implementation..
« Reply #3 on: June 24, 2006, 08:19:35 pm »
I think this one is actually secure, because as far as I can see, it's impossible to decrypt it without the key, and you can't guess the next byte of the message without knowing the one before it. I can explain it if you have a question, but for now, here's the code:

Still wrong.  This sort of encryption is only "secure" in an implementation known as a "one-time pad," in which, these conditions are true:

  1) The key is equally or greater in length to the text to be encrypted.
  2) The key is only used once
  3) The key is truely and totally random
  4) The key is kept secret
« Last Edit: June 24, 2006, 08:23:06 pm by Sidoh »

Offline MyndFyre

  • Boticulator Extraordinaire
  • x86
  • Hero Member
  • *****
  • Posts: 4540
  • The wait is over.
    • View Profile
    • JinxBot :: the evolution in boticulation
Re: [Java] Keyed XOR cipher implementation..
« Reply #4 on: June 24, 2006, 09:03:45 pm »
Well, then all he needs to do is feed the key something from, for example, an SRP key exchange authorization (like WoW does) and he has a truly random, truly secret key.  The key changes at every authentication attempt even though you're validating the same password.

Incidentally, that's how WoW encrypts its realm server communication.
I have a programming folder, and I have nothing of value there

Running with Code has a new home!

Our species really annoys me.

Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: [Java] Keyed XOR cipher implementation..
« Reply #5 on: June 24, 2006, 09:12:18 pm »
Well, then all he needs to do is feed the key something from, for example, an SRP key exchange authorization (like WoW does) and he has a truly random, truly secret key.  The key changes at every authentication attempt even though you're validating the same password.

Incidentally, that's how WoW encrypts its realm server communication.

And to generate the key in a fashion that makes it as long as the input text.

Offline MyndFyre

  • Boticulator Extraordinaire
  • x86
  • Hero Member
  • *****
  • Posts: 4540
  • The wait is over.
    • View Profile
    • JinxBot :: the evolution in boticulation
Re: [Java] Keyed XOR cipher implementation..
« Reply #6 on: June 24, 2006, 09:21:55 pm »
Well, then all he needs to do is feed the key something from, for example, an SRP key exchange authorization (like WoW does) and he has a truly random, truly secret key.  The key changes at every authentication attempt even though you're validating the same password.

Incidentally, that's how WoW encrypts its realm server communication.

And to generate the key in a fashion that makes it as long as the input text.

Well, you could modify that funny sha-interleave thing that SPR does to increase key length.  I don't know what that would do for you, if anything.

Still, even a 40 byte key would be extremely hard to break if it was never exchanged directly over the wire.  I don't think to have secure communications you need "perfect secrecy," like the one-time pad suggests.
I have a programming folder, and I have nothing of value there

Running with Code has a new home!

Our species really annoys me.

Offline Joe

  • B&
  • Moderator
  • Hero Member
  • *****
  • Posts: 10319
  • In Soviet Russia, text read you!
    • View Profile
    • Github
Re: [Java] Keyed XOR cipher implementation..
« Reply #7 on: June 24, 2006, 09:28:04 pm »
Here's my take on this: All encryption that has it's keys transfered over the wire and then understood on the other end can be cracked in some way or another. It's just a matter of making it difficult.
I'd personally do as Joe suggests

You might be right about that, Joe.


Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: [Java] Keyed XOR cipher implementation..
« Reply #8 on: June 24, 2006, 09:33:15 pm »
Still, even a 40 byte key would be extremely hard to break if it was never exchanged directly over the wire.  I don't think to have secure communications you need "perfect secrecy," like the one-time pad suggests.

Finding redundancies in the encrypted data from using a short or constant key is a negligible task for the right person.

Here's my take on this: All encryption that has it's keys transfered over the wire and then understood on the other end can be cracked in some way or another. It's just a matter of making it difficult.

Thank you for stating the intuitively obvious. ;)

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: [Java] Keyed XOR cipher implementation..
« Reply #9 on: June 24, 2006, 10:08:45 pm »
Yeah, XOR-encryption is useful if fast communication is needed.  But like any symmetric-key cipher, the trick is finding the proper key-length and exchanging the key in a secure mannger.  With my remote-control client/server, I use SRP then feed that key into AES, which is basically the same idea. 

I'd still stick with a real cipher like AES or 3DES instead of writing my own, though.  I wrote a little wrapper class around Java's Cipher class.  It's hidden in my RemoteControl code that I posted elsewhere, but I can re-post it here if anybody is interested. 

Offline rabbit

  • x86
  • Hero Member
  • *****
  • Posts: 8092
  • I speak for the entire clan (except Joe)
    • View Profile
Re: [Java] Keyed XOR cipher implementation..
« Reply #10 on: June 27, 2006, 09:50:20 pm »
Still, even a 40 byte key would be extremely hard to break if it was never exchanged directly over the wire.  I don't think to have secure communications you need "perfect secrecy," like the one-time pad suggests.

Finding redundancies in the encrypted data from using a short or constant key is a negligible task for the right person.
Like people who have had Number Theory ;)

Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: [Java] Keyed XOR cipher implementation..
« Reply #11 on: June 28, 2006, 04:12:22 am »
Like people who have had Number Theory ;)

:D