search

frohoff / ciphr

CLI crypto swiss-army knife for performing and composing encoding, decoding, encryption, decryption, hashing, and other various cryptographic operations on streams of data from the command line; mostly intended for ad hoc, infosec-related uses.
MIT License
115 stars 30 forks source link

OTP-securerandom-xor #1

Closed Silur closed 8 years ago

Silur commented 8 years ago

Concept

While XOR encryption has some weaknesses (entropy/frequency analysis), some of them can be avoided using an equal number of random bytes as a key instead of a padded plaintext. In that way, the cipher will produce a one time pad what is knowingly unbreakable (if used once)

Usage

ciphr '"testing this new feature"|xor'

Implementation

if no key is specified for the xor function, the key bytes are read from ruby's SecureRandom class, which will get the random bytes using Openssl and/or /dev/urandom

frohoff commented 8 years ago

Unless I misunderstand, if this just reads random data as the "key", and then xor's the input data with this key without outputting the key itself, it seems like the result would be effectively indecipherable random data and would be roughly the same as just directly outputting random data of the same length as the input. For it to be useful it would probably have to output both the key and ciphertext which would then have to be parsed out by whatever was consuming them.

Also, the originally proposed behavior that doesn't write out the key can currently be replicated with ciphr '"testing" xor-trunc[@/dev/urandom]'.