[WEB SECURITY] a new 'Secret Key' Cryptographic Algorithm ~ any analysis/suggestions/weakness will be helpful ~ Variation of One-Time Pad

Claudio Telmon claudio at telmon.org
Wed Apr 27 05:19:26 EDT 2011


I downloaded the code and simply tried to encode a block of zeroes... as
you can see if you look at the result with a hex editor, a clear
pattern appears in the cyphertext. See what happens instead if you try e.g.:
openssl enc -e -rc4 -in plain -out cypher
This is just to show that the fact that you're feeding the plaintext as
key, with minimal initialization, is weak and implies that both the key
and the cyphertext are almost as biased as the plaintext. BTW, I tried
to change the key from ABK to ACK, and a single bit changed as a
consequence in the cyphertext pattern. This is just to show that the
design is wrong, without going into math. Don't suppose that those
designing more complex algorithms do so because they don't know better.
Not to be rude, but don't just try to change a couple of steps in your
code and resubmit: there are a lot of books and papers on cryptography,
this one has been recently recommended by a cryptographer on another
mailing list:
http://www.amazon.com/Cryptography-Practice-Discrete-Mathematics-Applications/dp/1584885084

Regards,

- Claudio

-- 

Claudio Telmon
claudio at telmon.org
http://www.telmon.org
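
The two checks described in the message above (encrypt a block of zeroes and look for a pattern, then change the key from ABK to ACK and count the changed ciphertext bits), as an added example that is not part of the original message. `toy_autokey` is a constructed weak cipher that feeds plaintext back as key material; it is an assumption for illustration, not the algorithm posted to the list, and `hash_ctr` is a SHA-256 counter keystream standing in for the RC4 comparison.

```python
import hashlib
from collections import Counter

def toy_autokey(key: bytes, plaintext: bytes) -> bytes:
    """Constructed weak cipher, NOT the algorithm from the thread: the key only
    seeds the stream; afterwards key material is derived from the plaintext."""
    stream = bytearray(key)
    out = bytearray()
    for i, p in enumerate(plaintext):
        out.append(p ^ stream[i])
        stream.append((p + stream[i]) & 0xFF)  # plaintext fed back as key
    return bytes(out)

def hash_ctr(key: bytes, plaintext: bytes) -> bytes:
    """Comparison keystream: SHA-256 over key || counter (stand-in only)."""
    ks = bytearray()
    counter = 0
    while len(ks) < len(plaintext):
        ks += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(p ^ k for p, k in zip(plaintext, ks))

def top_byte_share(data: bytes) -> float:
    """Fraction of the output taken by its most frequent byte value."""
    return Counter(data).most_common(1)[0][1] / len(data)

def key_avalanche(cipher, k1: bytes, k2: bytes, plaintext: bytes) -> float:
    """Fraction of ciphertext bits that differ between two keys."""
    c1, c2 = cipher(k1, plaintext), cipher(k2, plaintext)
    diff = sum(bin(a ^ b).count("1") for a, b in zip(c1, c2))
    return diff / (8 * len(c1))

ZEROES = bytes(3072)  # constructed input: an all-zero plaintext block

if __name__ == "__main__":
    for name, cipher in (("toy_autokey", toy_autokey), ("hash_ctr", hash_ctr)):
        share = top_byte_share(cipher(b"ABK", ZEROES))
        aval = key_avalanche(cipher, b"ABK", b"ACK", ZEROES)
        print("%-12s top byte share %.3f  key avalanche %.3f" % (name, share, aval))
```

A keystream with no visible structure gives a top byte share close to 1/256 and a key avalanche close to 0.5; the toy cipher's output is just the key repeated, so a one-bit key change moves one bit per repetition.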




