LinuxQuestions.org


madsovenielsen 06-14-2010 11:54 AM

C xor encryption strength
 
Hey.

I have found this XOR encryption program

Code:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_SIZE 256

void strip_newline(char* to_strip);
void encrypt_data(FILE* input_file, FILE* output_file, char *key);

int main(int argc, char* argv[])
{
        //Check for valid number of arguments
        if (argc != 3)
        {
                printf("Invalid number of arguments. %d arguments were supplied.\n", argc);
                printf("Usage: %s inputfile outputfile\n", argv[0]); //Usage: ./xortest inputfile outputfile
                exit(0);
        }
       
        FILE* input;
        FILE* output;

        //Open input and output files
        input = fopen(argv[1], "r");
        output = fopen(argv[2], "w");
               

        //Check input file
        if (input == NULL)
        {
                printf("Input file cannot be read.\n");
                exit(0);
        }
               
        //Check output file
        if (output == NULL)
        {
                printf("Output file cannot be written to.\n");
                exit(0);
        }

        //Key strings
        char *key = malloc(MAX_SIZE);

        //Prompt for key
        printf("Passphrase: ");

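        //Read in key (stop if the buffer or the input is unavailable)
        if (key == NULL || fgets(key, MAX_SIZE, stdin) == NULL)
        {
                printf("Passphrase could not be read.\n");
                exit(EXIT_FAILURE);
        }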

        printf("Encrypting %s\n", argv[1]);

        //strip newlines
        strip_newline(key);

        //XOR data and write it to file
        encrypt_data(input, output, key);
       
        printf("Encrypted data written to %s\n", argv[2]);

        //Release memory
        free(key);

        //Close files
        fclose(input);
        fclose(output);

        return 0;

}


void encrypt_data(FILE* input_file, FILE* output_file, char* key)
{
        size_t key_len = strlen(key); //Computed once instead of on every byte
        size_t key_count = 0; //Used to restart key if strlen(key) < strlen(encrypt)
        int encrypt_byte;

        //An empty key would make key[key_count] read past the end of the string
        if (key_len == 0)
        {
                fprintf(stderr, "Passphrase must not be empty.\n");
                return;
        }

        while( (encrypt_byte = fgetc(input_file)) != EOF) //Loop through each byte of file until EOF
        {
                //XOR the data and write it to a file
                fputc(encrypt_byte ^ key[key_count], output_file);

                //Increment key_count and start over if necessary
                key_count++;
                if(key_count == key_len)
                        key_count = 0;
        }
}

void strip_newline(char* to_strip)
{
        size_t len = strlen(to_strip);

        //remove newlines (len > 0 guards against an empty string)
        if (len > 0 && to_strip[len - 1] == '\n')
        {
                to_strip[len - 1] = '\0';
        }
}

It's working fine, it can encrypt and decrypt. But how strong is it? Does it all depend on the specified key?

How do I measure the strength of this encryption in bits?

/mads

ntubski 06-14-2010 01:58 PM

This program is basically using the password as a one time pad, except that it is reusing it if the message is longer than the key.

Can I reuse my pad?

Quote:

Never, without reducing the security of the pad to something less than 100%, usually close to 0%.

Also passwords chosen by humans usually aren't very random, so this isn't secure at all.

anomie 06-14-2010 03:40 PM

I'd add: you might pick up a copy of Applied Cryptography by Bruce Schneier from your local library. He speaks to the problems with implementations of an XOR algorithm pretty early in the book.

fruttenboel 06-14-2010 06:18 PM

Quote:

Originally Posted by madsovenielsen (Post 4003275)
Hey.

I have found this XOR encryption program

Nice and dangerous.

In the old days, the 8049 processor could be code protected. When reading out the stored code, it was XORed with a user-defined key.

This was safe, unless you had a series of 0x00 bytes... In those places, the key was exposed. A xor 0 = A

So be careful with long series of noughts.
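
What ntubski and fruttenboel describe, as an added example (not part of the thread and not the posted program): the same repeating-key XOR applied to a constructed buffer that contains a run of 0x00 bytes, where the stored padding is the passphrase itself and its repeat period gives the key length. The sample data, the passphrase "s3cret" and the helper names run_period and key_from_zero_run are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>
typedef unsigned char u8;
/* Same cipher as the posted encrypt_data(), on a buffer; key must be non-empty. */
void xor_repeat(const u8 *in, u8 *out, size_t n, const char *key)
{
    size_t klen = strlen(key);
    for (size_t i = 0; i < n; i++)
        out[i] = in[i] ^ (u8)key[i % klen];
}

/* Over 0x00 plaintext the output is the key repeated, so the smallest period
 * of ct[off .. off+run) is the key length. Returns 0 if none <= run/2. */
size_t run_period(const u8 *ct, size_t off, size_t run)
{
    for (size_t p = 1; p <= run / 2; p++) {
        size_t i = 0;
        while (i + p < run && ct[off + i] == ct[off + i + p])
            i++;
        if (i + p == run)
            return p;
    }
    return 0;
}

/* K ^ 0 = K: copy one period, rotated so the byte for file offset 0 is first. */
void key_from_zero_run(const u8 *ct, size_t off, size_t klen, char *key_out)
{
    for (size_t i = 0; i < klen; i++)
        key_out[(off + i) % klen] = (char)ct[off + i];
    key_out[klen] = '\0';
}

/* Constructed sample: 7-byte header, 16 zero bytes of padding, 12 of text. */
static const u8 SAMPLE[] =
    "FILEHDR" "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" "account=mads";
#define SAMPLE_LEN (sizeof SAMPLE - 1)

int main(void)
{
    u8 ct[SAMPLE_LEN], pt[SAMPLE_LEN + 1] = {0};
    char found[16];
    xor_repeat(SAMPLE, ct, SAMPLE_LEN, "s3cret");   /* constructed passphrase */
    size_t klen = run_period(ct, 7, 16);
    key_from_zero_run(ct, 7, klen, found);
    xor_repeat(ct, pt, SAMPLE_LEN, found);
    printf("key length %zu, key \"%s\", tail \"%s\"\n", klen, found, (char *)pt + 23);
    return 0;
}
```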

trelamenos 06-14-2010 07:59 PM

Quote:

Originally Posted by madsovenielsen (Post 4003275)
Hey.

It's working fine, it can encrypt and decrypt. But how strong is it? Does it all depend on the specified key?

How do I measure the strength of this encryption in bits?

/mads

It's basically a matter of the key's length. The bigger it is, the more it will produce a big random (well, not so random, but random) bit stream... BUT if, as ntubski said, the key's bit stream is used twice... that's neither a secure nor a strong algorithm at all... This app implements the simplest symmetric stream algorithm for educational purposes only... :P

madsovenielsen 06-15-2010 01:58 AM

Thanks for the answers

/mads


All times are GMT -5.