[WEB SECURITY] a new 'Secret Key' Cryptographic Algorithm ~ any analysis/suggestions/weakness will be helpful ~ Variation of One-Time Pad
mike at deadliestwebattacks.com
Tue Apr 26 16:54:52 EDT 2011
It also looks like your approach suffers from weakness like block ciphers in ECB mode. (http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation)
Perhaps you should recommend that the secret key length be the same length as the file to be encoded/decoded?
It seems strange that avoiding PRNGs, salts, and IVs (to say the least) are espoused as a positive property of this approach. Otherwise, why not just use ROT13? Or two rounds of ROT13 to be doubly secure?
From: Abhishek [ABK] Kumar <abhikumar163 at gmail.com>
To: Michal Zalewski <lcamtuf at coredump.cx>
Cc: websecurity at webappsec.org
Sent: Tuesday, April 26, 2011 9:37 AM
Subject: Re: [WEB SECURITY] a new 'Secret Key' Cryptographic Algorithm ~ any analysis/suggestions/weakness will be helpful ~ Variation of One-Time Pad
I've updated the aQikCipher Repository, and there is no more data leakage...
now here XORing have been switched to
but this wouldn't leak any data, as I didn't find it to be capable for backtracking... any analysis/suggestion/flaw
I'll be implementing rotation of "secret[sec_idx]" data to increase diffusion.
On Tue, Apr 26, 2011 at 3:05 AM, Michal Zalewski <lcamtuf at coredump.cx> wrote:
> In this variation, entire one-time pad can be generated in a pure random way just using Key and Data... no (pseudo) random number generators, salt and IVs required.
>As I understand it, your algorithm can be paraphrased as:
>1) Start with a random string as a key. For clarity, let's call it
>original_secret. It's hardcoded as "ABK\0" in your example (I'm not
>sure you understand ASCIZ here).
>2) Copy the original_secret to new_secret using strncpy.
>3) For every input character (let's call it in_chr), you calculate
>new_key = secret[pos] ^ new_secret[pos]. The outcome of this XOR will
>be always zero during the first pass, leaving strlen(original_secret)
>4) Compute out_chr = in_chr ^ new_key and output it.
>5) Substitute new_key[pos] with the previously calculated output, out_chr.
>6) When you hit the end of new_secret, reset pos to zero and go to 3.
>I am half-hoping that this is a joke, but if not: the first bytes of
>your output will be identical to input, and all the subsequent ones
>will trivially depend on the previously seen data.
The Web Security Mailing List
WebSecurity RSS Feed
Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
WASC on Twitter
websecurity at lists.webappsec.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the websecurity