Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Welcome to LinuxQuestions.org, a friendly and active Linux Community.

You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!

Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.

Ive been fiddleing around with Xor encryption basically because its the only
form on encryption available to all Unix like systems by default.

But whats the point in Xor encryption in computers anyway.
losetup (a loopback driver for file systems) has xor encryption built into it.

BUT...

have a look at the following possible encryption.

Password = 01101001
Data = 00000000
Encrypted Data = 01101001

which makes it insanely easy to break this encryption.

i encrypted a floppy as follows.

cat /dev/urandom > /dev/fd0 (write random data firectly to disk (no file system)
losetup -e xor /dev/loop1 /dev/fd0 (stick assign encrypted loop to flopy disk)
[password]
mkfs.vfat /dev/loop1 ( write a Fat32 file system to the encryption loop )
losetup -d /dev/loop1

tadaaa, the disk is now encrypted, you could mount it, and use it as a floppy by recreating the loop, and mouning the loop on the file tree sumwhere.

HOWEVER, anywhere there is a groupe of encrypted Zero's on the disk ( executable files are FULL of zero's also so is the FAT ) you will see a the password .

in other works, encrypt the data 00000000 with passowrd Bumfluf gives encrypted data = Bumfluf !!!

use a program like cat to directly read raw data off the disk

cat /dev/fd0 | less

and BOOM,,, everywhere u look, the screen is filled with the password written over and over and over. you cant miss it !

i know they consider Xor to be weak encryption... but this is just stupid !!

its not a troll...
i asked a question. what makes you think im trolling.
and i think its a very good question.

whats the point ?
if anything, all this does is slow down ur system, and make less experianced people thinlk there documents are safe, when inface any idiot could get them in a matter of seconds.

whats the point in adding utilities that allow you to encrypt a disk, but at the same
time, paste the decryption code all over the disk for any idiot to see ?

some1 must have programmed this feature, Why ?
and som1 must have made the decision to include it in linux distributions ?

why did they bother ?
this adds no security, just slows down the system slightly.

and i searched google for one time pads....

yes i know there are other types of encryption out there.

but im talking about Xor encryption.

follow the steps i posted if u dont beleive,
but xor encryption is very easily breakable.

Ahhhh.. upon reading further into your one time pads i discover a mojor flaw.

the encryption Key must be equal in length to the Data it is encrypting.
So... en ncrypt my 6 gig hard disk, i could only have 3 gigs of data and 3 gig key....

hmm.

also, i think you will find that the password limit on xor encryption is 32 characters.

Originally posted by qwijibow why did they bother ?
this adds no security, just slows down the system slightly.

XOR encryption is designed to add a quick encryption layer to protect data from a casual observer. As far as the key and data being equal in length, if you have 6GB of data, you could use a 256bit key and encrypt all of the data by encrypting sequential 256bit blocks one at a time until you reach the end.

256bit key and encrypt all of the data by encrypting it 256bit at a time until you reach the end.

yeah but that would be breakable.

okay, so its portection againsed people who dont know how to use computers.
if sumthings worth encrypting, its worth encrypting properly. ill stick with my aes256

I've probably just spent way too much time reading slashdot, but when I read your post, it struck me as something a person might write to screw with other peoples' heads

A one-time pad is the only proven 100% secure form of encryption in existence.

However, it has two very important limitations. One is, like you found out, the key has to be as long as the plaintext. Two - and this is actually the same thing if you think about it - the pad can't be used more than once.

An encrypted file system approach is meant to be used with a symmetric key cipher like AES, 3DES, Twofish, etc. There are practical uses for one-time pads but encrypting an entire hard disk isn't one of them for most people...

Originally posted by snacky A one-time pad is the only proven 100% secure form of encryption in existence.

Only if it is 100% guaranteed to be truly random, and there is precisely 0% chance of your key being stolen. I guess true randomness is possible, but there is always the question of how to get the key to the parties that need to decrypt, so it's always a possibility that the key will be stolen. Nothing is 100% secure

Originally posted by qwijibow yeah but that would be breakable.

Yes, XOR is pretty weak, but that doesn't mean that it's worthless either. As snacky pointed out, it's good for one time pads. By the time someone does the decryption, it's no longer valid.

Only if it is 100% guaranteed to be truly random, and there is precisely 0% chance of your key being stolen.

ALL cryptosystems require these assumptions to hold true in order to have any kind of security, though. The difference is that it hasn't been absolutely proven that any of the secret-key algorithms don't have some kind of funny trick that can sometimes or often reduce key strength to something way below 2^n (where n is keylength). We also know for a fact that factoring primes is sub-exponential and it hasn't been proven that there isn't some blazingly fast way to do it. (this means RSA just might become worthless some day.)

There are no such doubts about one-time pads. They're different from everything else this way.

But im talking about the Xor capabilitys of linux to use disk encryption.
you can break the encryption in under a minute, even with the maximum allowd password of 32 characters.

Originally posted by snacky ALL cryptosystems require these assumptions to hold true in order to have any kind of security, though. The difference is that it hasn't been absolutely proven that any of the secret-key algorithms don't have some kind of funny trick that can sometimes or often reduce key strength to something way below 2^n (where n is keylength). We also know for a fact that factoring primes is sub-exponential and it hasn't been proven that there isn't some blazingly fast way to do it. (this means RSA just might become worthless some day.)

There are no such doubts about one-time pads. They're different from everything else this way.

Good point. And yeah, most of our crypto algorithms now depend on difficulty and computational feasibility of one kind or another; they've built quantum computers with 7 qubits, so RSA is safe for now, but if some kind of breakthrough occurs in that field, we may have to take a different approach.

7 qubits puts the most powerfull quantim computer as powerfull as your average pocket calculator. so there's no threat froom quantum processors just yet

Originally posted by qwijibow 7 qubits puts the most powerfull quantim computer as powerfull as your average pocket calculator. so there's no threat froom quantum processors just yet

Well, it's a hard comparison to make though. A 7-qubit quantum computer can effectively do 2^7 calculations with a single operation; a non-quantum computer has to do all 2^7 calculations individually. It's a whole different kind of computing.

True....
But how many simultaniouse calculations per second does it do ?

it no good doing 100,000 operations simultainiously if if it only does one set of simultainiouse operatings a second.

also, there will be times when so many operations cannot be done untill the result of anouther is calculatted, so on some loops, not all possible calculations will be useful.

anyway....

for the moment, i wouldnt worry too much about them.

LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.