2009. szeptember 16., szerda
Cracking XOR Encryption
Problem/Question/Abstract:
Well, there seems to be a trend to post xor encryption routines... so here a simple example of how to break the encryption...
Answer:
Drop a button and edit box on the form, text in the edit box has to be at least 8 chars. if you're using to actualy break an encrypted string, just fill buffer [0..7] with encrypted data and fill [0..7] with the plaintext you assume is encrypted (pretty easy, you username of something of the sort).
I'd like to thank Cheng Wei for pointing out my rediculously slow calls to Edit1.text[i]. i've rethought the algorithm out, and it now tests keys as 2 longwords. as a result of this fix, it now scans 100,000,000 keys in 15seconds on my duron 600! WAAAHOOOOO! Thanks allot Cheng!
Please don't go on ranting about how most ppl don't know how to break xor encryption so it's good enough. it's simply negligence. if someting is worth encrypting then do it properly or don't bother.
procedure TForm1.Button1Click(Sender: TObject);
var
i, j: longword;
thistime, lasttime: longword;
buffer: array[0..7] of byte;
b: array[0..1] of longword absolute buffer[0];
plaintext: array[0..7] of byte;
p: array[0..1] of longword absolute plaintext[0];
key: array[0..7] of byte;
k: array[0..1] of longword absolute key[0];
begin
lasttime := gettickcount;
randomize;
if length(edit1.text) < 8 then
exit;
for i := 0 to 7 do
begin
plaintext[i] := byte(edit1.text[i + 1]);
buffer[i] := plaintext[i] xor random(256); //encrypt
end;
i := 0;
repeat
for j := 0 to 1000000 do //loop is unrolled by compiler
begin
randseed := i;
key[0] := random(256);
key[1] := random(256);
key[2] := random(256);
key[3] := random(256);
key[4] := random(256);
key[5] := random(256);
key[6] := random(256);
key[7] := random(256);
if b[0] xor k[0] = p[0] then //test key in blocks of 4
if b[1] xor k[1] = p[1] then
begin
thistime := gettickcount;
caption := 'The key is: ' + inttostr(i) + ' (' + inttostr((thistime -
lasttime) div 1000) + 'sec)';
Exit;
end;
inc(i, 1);
end;
caption := inttostr(i);
application.processmessages;
until i > longword(MaxInt);
end;
I'll be posting an article on writting a complete cryptosystem soon enough. i need to read into the legalities first because of canadian encryption laws.
Feliratkozás:
Megjegyzések küldése (Atom)
Nincsenek megjegyzések:
Megjegyzés küldése