LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 06-14-2010, 11:54 AM   #1
madsovenielsen
Member
 
Registered: Aug 2009
Posts: 180

Rep: Reputation: 15
C xor encryption strength


Hey.

i have found this xor encryption program

Code:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_SIZE 256

void strip_newline(char* to_strip);
void encrypt_data(FILE* input_file, FILE* output_file, char *key);

int main(int argc, char* argv[])
{
        //Check for valid number of arguments
        if (argc != 3)
        {
                printf("Invalid number of arguments. %d arguments were supplied.\n", argc);
                printf("Usage: %s inputfile outputfile\n", argv[0]); //Usage: ./xortest inputfile outputfile
                exit(0);
        }
        
        FILE* input;
        FILE* output;

        //Open input and output files
        input = fopen(argv[1], "r");
        output = fopen(argv[2], "w");
                

        //Check input file
        if (input == NULL)
        {
                printf("Input file cannot be read.\n");
                exit(0);
        }
                
        //Check output file
        if (output == NULL)
        {
                printf("Output file cannot be written to.\n");
                exit(0);
        }

        //Key strings
        char *key = malloc(MAX_SIZE);

        //Prompt for key
        printf("Passphrase: ");

        //Read in key
        fgets(key, MAX_SIZE, stdin);

        printf("Encrypting %s\n", argv[1]);

        //strip newlines
        strip_newline(key);

        //XOR data and write it to file
        encrypt_data(input, output, key);
        
        printf("Encrypted data written to %s\n", argv[2]);

        //Release memory
        free(key);

        //Close files
        fclose(input);
        fclose(output);

        return 0;

}


void encrypt_data(FILE* input_file, FILE* output_file, char* key)
{
        int key_count = 0; //Used to restart key if strlen(key) < strlen(encrypt)
        int encrypt_byte;
        
        while( (encrypt_byte = fgetc(input_file)) != EOF) //Loop through each byte of file until EOF
        {
                //XOR the data and write it to a file
                fputc(encrypt_byte ^ key[key_count], output_file);

                //Increment key_count and start over if necessary
                key_count++;
                if(key_count == strlen(key))
                        key_count = 0;
        }
}

void strip_newline(char* to_strip)
{
        //remove newlines
        if (to_strip[strlen(to_strip) - 1] == '\n')
        {
                to_strip[strlen(to_strip) - 1] = '\0';
        }
Its working fine, it can encrypt and decrypt. but how strong is it ? is it all depending on the specified key ?

How do i measure the strength of this encryption in bits ?

/mads
 
Old 06-14-2010, 01:58 PM   #2
ntubski
Senior Member
 
Registered: Nov 2005
Distribution: Debian
Posts: 2,494

Rep: Reputation: 850Reputation: 850Reputation: 850Reputation: 850Reputation: 850Reputation: 850Reputation: 850
This program is basically using the password as a one time pad, except that it is reusing it if the message is longer than the key.

Can I reuse my pad?
Quote:
Never, without reducing the security of the pad to something less than 100%, usually close to 0%.
Also passwords chosen by humans usually aren't very random, so this isn't secure at all.
 
1 members found this post helpful.
Old 06-14-2010, 03:40 PM   #3
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora, Lubuntu, FreeBSD
Posts: 3,930
Blog Entries: 5

Rep: Reputation: Disabled
I'd add: you might pick up a copy of Applied Cryptography by Bruce Schneier from your local library. He speaks to the problems with implementations of an XOR algorithm pretty early in the book.
 
Old 06-14-2010, 06:18 PM   #4
fruttenboel
Member
 
Registered: Jul 2008
Posts: 270

Rep: Reputation: 48
Quote:
Originally Posted by madsovenielsen View Post
Hey.

i have found this xor encryption program
Nice and dangerous.

In the old days, the 8049 processor could be code protected. When reading out the stored code, it was XORred with a user defined key.

This was safe, unless you had a series of 0x00 bytes... In those places, the key was exposed. A xor 0 = A

So be careful with long series of nougts.
 
Old 06-14-2010, 07:59 PM   #5
trelamenos
Member
 
Registered: May 2006
Location: Greece, Thessaloniki
Distribution: FEDORA
Posts: 37

Rep: Reputation: 16
Quote:
Originally Posted by madsovenielsen View Post
Hey.

Its working fine, it can encrypt and decrypt. but how strong is it ? is it all depending on the specified key ?

How do i measure the strength of this encryption in bits ?

/mads
its basically a matter of the key's length. The bigger it is the more it will produce a big random(well not so random but random) bit stream.... BUT if, as ntubski said, if the key's bit stream used twice... that's not secure neither strong algorithm at all... this app implements the simplest symmetric stream algorithm for educating purposes only... :P
 
1 members found this post helpful.
Old 06-15-2010, 01:58 AM   #6
madsovenielsen
Member
 
Registered: Aug 2009
Posts: 180

Original Poster
Rep: Reputation: 15
Thanks for the answers

/mads
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Absence of XOR in C++, flaw or streamlined? xadrith Programming 6 11-10-2007 05:56 PM
encryption strength? zer0python Programming 2 08-16-2005 10:42 AM
XOR - sound or mouse in Mandrake 10.1 Official david_j Mandriva 1 02-12-2005 04:43 AM
whats the point in Xor encryption ? qwijibow Linux - Security 26 02-08-2004 02:37 PM
Encryption: Algorithms, Determining bit strength Daem0hn Programming 0 07-12-2003 11:28 PM


All times are GMT -5. The time now is 04:26 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration