[WEB SECURITY] a new 'Secret Key' Cryptographic Algorithm ~ any analysis/suggestions/weakness will be helpful ~ Variation of One-Time Pad
Michal Zalewski
lcamtuf at coredump.cx
Mon Apr 25 17:35:39 EDT 2011
> In this variation, entire one-time pad can be generated in a pure random way just using Key and Data... no (pseudo) random number generators, salt and IVs required.

As I understand it, your algorithm can be paraphrased as:
1) Start with a random string as a key. For clarity, let's call it
original_secret. It's hardcoded as "ABK\0" in your example (I'm not
sure you understand ASCIZ here).
2) Copy the original_secret to new_secret using strncpy.
3) For every input character (let's call it in_chr), you calculate
new_key = secret[pos] ^ new_secret[pos]. The outcome of this XOR will
always be zero during the first pass, leaving strlen(original_secret)
bytes "unencrypted".
4) Compute out_chr = in_chr ^ new_key and output it.
5) Substitute new_key[pos] with the previously calculated output, out_chr.
6) When you hit the end of new_secret, reset pos to zero and go to 3.

I am half-hoping that this is a joke, but if not: the first bytes of
your output will be identical to input, and all the subsequent ones
will trivially depend on the previously seen data.
/mz
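
Added example (not part of the original post, and not the algorithm author's code): the six steps above written out in C, checking the two observations in the reply. Assumptions: step 5 is read as storing out_chr into new_secret[pos], the key is the "ABK" quoted in the post, the message is a constructed sample, and the function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>
typedef unsigned char u8;

/* Steps 1-6 as paraphrased above. Assumption: step 5 stores out_chr
 * in new_secret[pos]. klen must be between 1 and 64. */
static void chain_xor(const u8 *secret, size_t klen,
                      const u8 *in, u8 *out, size_t n)
{
    u8 new_secret[64];
    memcpy(new_secret, secret, klen);               /* step 2 */
    for (size_t i = 0, pos = 0; i < n; i++) {
        u8 new_key = secret[pos] ^ new_secret[pos]; /* step 3 */
        out[i] = in[i] ^ new_key;                   /* step 4 */
        new_secret[pos] = out[i];                   /* step 5 */
        pos = (pos + 1) % klen;                     /* step 6 */
    }
}

/* Count the leading output bytes that equal the input. */
static size_t clear_prefix(const u8 *in, const u8 *out, size_t n)
{
    size_t i = 0;
    while (i < n && in[i] == out[i]) i++;
    return i;
}

/* For i >= klen the feedback byte is out[i - klen], which is public, so
 * out[i] ^ out[i - klen] == in[i] ^ secret[i % klen]: a repeating-key XOR.
 * Returns 1 when that identity holds for every such byte. */
static int is_repeating_key_xor(const u8 *secret, size_t klen,
                                const u8 *in, const u8 *out, size_t n)
{
    for (size_t i = klen; i < n; i++)
        if ((out[i] ^ out[i - klen]) != (in[i] ^ secret[i % klen]))
            return 0;
    return 1;
}

int main(void)
{
    const u8 key[] = "ABK";  /* key from the post; the NUL is not used */
    const u8 msg[] = "constructed sample message";
    u8 out[sizeof msg];
    size_t n = sizeof msg - 1;
    chain_xor(key, 3, msg, out, n);
    printf("clear prefix: %zu bytes, repeating-key XOR: %d\n",
           clear_prefix(msg, out, n), is_repeating_key_xor(key, 3, msg, out, n));
}
```

With a 3-byte key the first 3 output bytes equal the input, and everything after that is the input XORed with the fixed key once the visible feedback bytes are cancelled out.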