[metric]

Hey guys

I think this is the correct forum to post in.

If I get the binary for a movie file, and the binary for a message and XOR it, one of my classmates said it was practically unbreakable...

What do you guys think?

[modi123_1]

Two things.. what happens when I get the binary for that same movie and just reverse what you did?

Second - your sig image is still out of whack with the forum rules.

[TMKCodes]

XOR encryption is trivially simple to implement and equally trivial to break.

XOR encryption should not be utilized for any data which you would want to protect.

[baavgai]

There's no such thing as unbreakable encryption. Rather, there are encryption schemes that take so long to break that they are considered secure.

There are also some that are considered trivially easy. I'm afraid XOR, or any simple replacement, falls into this category.

[lordofduct]

I think your classmate should stop smoking pot.

[modi123_1]

Now say you had a scheme that randomly hit tv channels - stealing a frame of video (after a random amount of time being on that channel) and did this three times. Combined all three.. bam! Hello Johnny Mnemonic encryption!

[metric]

haha thanks for the replies folks...

@modi123_1: Sig is gone for now, thanks for the notice.

What do you guys recommend thats simple and fairly secure...I'm not looking for crazy strong just need to delay prying eyes for a bit.

[macosxnerd101]

Take a look at RSA encryption. It is extremely simple, yet extremely hard to break.

The encryption formula is: c = message^x (mod n), where message is an integer. To decreypt, p = c^d (mod n), where d = e^(-1) (mod phi(n)). Phi(n) is Euler's totient function, which relies on factoring n. If n is an extremely large number, it becomes increasingly harder to factor it. And there in lies your security. It doesn't take much to increase the size of n, but it becomes increasingly difficult to factor it.

[supercorey]

RSA is the leading edge in public key cryptography. Information about the algorithm is available at this website in a simplified form:
http://www.di-mgt.com.au/rsa_alg.html

RSA wasn't designed for encrypting entire files; it was designed to encrypt the keys of a symmetric-key algorithm such as BLOWFISH, TWOFISH, AES(Rijn Dael), etc. This all has to do with fancy math stuff like the key size of your RSA. As for the symmetric key encryption, I would suggest AES (aka Rijn Dael) since it is the national standard for the United States(not really sure that means much more than that the NSA spent extra time trying to crack it LOL).

Using a strong cipher like RSA to encrypt the keys of a symmetric-key cipher is pretty much how "unbreakable" encryption is done today, but as everyone pointed out, there is no such thing as unbreakable, just things that would take ridiculously infeasible amounts of time to crack.

[stackoverflow]

baavgai, on 27 April 2011 - 03:02 PM, said:

There's no such thing as unbreakable encryption. Rather, there are encryption schemes that take so long to break that they are considered secure.

There are also some that are considered trivially easy. I'm afraid XOR, or any simple replacement, falls into this category.

Actually, there has only been one type of encryption mathematically proven to be impossible to crack. The one-time pad. However, no implementation has been made of a perfect one so far.

[baavgai]

You're picking nits and raising the dead for no particular reason.

Read farther:

The theoretical perfect security of the one-time-pad applies only in a theoretically perfect setting; no real-world implementation of any cryptosystem can provide perfect security because practical considerations introduce potential vulnerabilities.
-- http://en.wikipedia.org/wiki/One-time_pad#Problems

If it should make you happy, I'll restate explicitly what I thought was understood implicitly: There's no such thing as practical unbreakable encryption.

In application a one time pad becomes no better than security through obscurity. You have to keep the pad for the particular message and hope no one finds it. My security then becomes no better than the method that needs be employed to bring pad and message together for decryption.

[jon.kiparsky]

"In application a one time pad becomes no better than security through obscurity"

To play the devil's advocate for a moment, isn't that equally true for any crypto algorithm? That is, you always have something that you need to know, do, or have in order to read the secret message. In the case of the one-time pad, that something is a non-patterned string of data. That has advantages (there's no pattern to extract) and disadvantages (the encryption method doesn't compress).
It is true for both one-time pad and RSA that knowing the method of encryption doesn't help you to break it, because there is a further piece of knowledge which you keep hidden. For that matter, a simple rotation cipher relies on a piece of hidden knowledge, although that knowledge is trivially discoverable, and therefore not hidden very effectively.

The problems with one-time pads, it seems to me, are more practical inconvenience. If you and I are going to maintain encrypted communication, we have to maintain another channel, which must also be secure, in order to keep up our supply of encryption. If we don't, eventually we run out of secret, and the oonversation is over. An algorithmic method, on the other hand, doesn't run out over time, although in principle the odds of it being compromised do increase over time. (a diferent consideration)

[Vestah]

No, RSA like other asymmetrical encryptions works differently in that you use one key to encrypt and another to decrypt.
Consider the three people Alice, Bob and Eve (whom traditionally are used to describe these kind of scenarios)
With RSA Alice has a public key which is known to all and a private key which is known only to herself. If Bob wants to send an encrypted message to Alice he uses the public key to encrypt it. The beauty of this system is that you have to use the private key to decrypt it. It doesn't matter that Eve knows about the public key and listens to the message since she cannot do anything with it.
With the one-time pad both Alice and Bob must know the key. Once they have the key its bullet proof, but the problem is arriving to that stage. How can you ensure Alice and Bob shares the key while nobody else knows about it?


In practice Bob would probably sign the message (encrypt it with his private key) before encrypted it with Alice's public key so that Alice can use Bob's public key to verify that the message has indeed come from Bob.

[baavgai]

Holy crap, the thread is possessed! WTF necro bait?

On names, Alice and Bob are the classic two parties. A and B, get it? The third party isn't so standard. Logically, they're someone with a C name, like Charlie, Carlo, Carlos, etc. Another party continues down the alphabet. However, since the third party often has more intent than simply being part of the conversation, they often get special names.

Eve, as in eavesdropper, is a passive snooper. She must have joined Alice and Bob early on, because she does show up a lot. However, the name does follow intent.

Mallory is our malicious attacker. Passive watching only gets you so far, if you're moving into man in the middle land, you're probably no longer Eve for purposes of narrative.

There's actually an entire cast of characters in scenario descriptions. I'm not sure why they departed from just capitol letters at some point in history, but it does make the descriptions kind of fun.

[modi123_1]

I believe this is the list you are talking about:

http://en.wikipedia....t_of_characters