[SOLVED] C xor encryption strength

madsovenielsen · 06-14-2010, 11:54 AM

Hey.

i have found this xor encryption program

Code:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_SIZE 256

void strip_newline(char* to_strip);
void encrypt_data(FILE* input_file, FILE* output_file, char *key);

int main(int argc, char* argv[])
{
        //Check for valid number of arguments
        if (argc != 3)
        {
                printf("Invalid number of arguments. %d arguments were supplied.\n", argc);
                printf("Usage: %s inputfile outputfile\n", argv[0]); //Usage: ./xortest inputfile outputfile
                exit(0);
        }
        
        FILE* input;
        FILE* output;

        //Open input and output files
        input = fopen(argv[1], "r");
        output = fopen(argv[2], "w");
                

        //Check input file
        if (input == NULL)
        {
                printf("Input file cannot be read.\n");
                exit(0);
        }
                
        //Check output file
        if (output == NULL)
        {
                printf("Output file cannot be written to.\n");
                exit(0);
        }

        //Key strings
        char *key = malloc(MAX_SIZE);

        //Prompt for key
        printf("Passphrase: ");

        //Read in key
        fgets(key, MAX_SIZE, stdin);

        printf("Encrypting %s\n", argv[1]);

        //strip newlines
        strip_newline(key);

        //XOR data and write it to file
        encrypt_data(input, output, key);
        
        printf("Encrypted data written to %s\n", argv[2]);

        //Release memory
        free(key);

        //Close files
        fclose(input);
        fclose(output);

        return 0;

}


void encrypt_data(FILE* input_file, FILE* output_file, char* key)
{
        int key_count = 0; //Used to restart key if strlen(key) < strlen(encrypt)
        int encrypt_byte;
        
        while( (encrypt_byte = fgetc(input_file)) != EOF) //Loop through each byte of file until EOF
        {
                //XOR the data and write it to a file
                fputc(encrypt_byte ^ key[key_count], output_file);

                //Increment key_count and start over if necessary
                key_count++;
                if(key_count == strlen(key))
                        key_count = 0;
        }
}

void strip_newline(char* to_strip)
{
        //remove newlines
        if (to_strip[strlen(to_strip) - 1] == '\n')
        {
                to_strip[strlen(to_strip) - 1] = '\0';
        }

Its working fine, it can encrypt and decrypt. but how strong is it ? is it all depending on the specified key ?

How do i measure the strength of this encryption in bits ?

/mads

ntubski · 06-14-2010, 01:58 PM

This program is basically using the password as a one time pad, except that it is reusing it if the message is longer than the key.

Can I reuse my pad?

Quote:

Never, without reducing the security of the pad to something less than 100%, usually close to 0%.

Also passwords chosen by humans usually aren't very random, so this isn't secure at all.

anomie · 06-14-2010, 03:40 PM

I'd add: you might pick up a copy of Applied Cryptography by Bruce Schneier from your local library. He speaks to the problems with implementations of an XOR algorithm pretty early in the book.

fruttenboel · 06-14-2010, 06:18 PM

Quote:

Originally Posted by madsovenielsen

Hey.

i have found this xor encryption program

Nice and dangerous.

In the old days, the 8049 processor could be code protected. When reading out the stored code, it was XORred with a user defined key.

This was safe, unless you had a series of 0x00 bytes... In those places, the key was exposed. A xor 0 = A

So be careful with long series of nougts.

trelamenos · 06-14-2010, 07:59 PM

Quote:

Originally Posted by madsovenielsen

Hey.

Its working fine, it can encrypt and decrypt. but how strong is it ? is it all depending on the specified key ?

How do i measure the strength of this encryption in bits ?

/mads

its basically a matter of the key's length. The bigger it is the more it will produce a big random(well not so random but random) bit stream.... BUT if, as ntubski said, if the key's bit stream used twice... that's not secure neither strong algorithm at all... this app implements the simplest symmetric stream algorithm for educating purposes only... :P

madsovenielsen · 06-15-2010, 01:58 AM

Thanks for the answers

/mads