Xor Security

Xor has got to be one of the weakest methods of encrypting data. Even without the password, it isn’t too hard to recover it. The Xor method is really more of an encoding algorithm. You have your text, and you have your password. As you loop through each character in your text, it is matched up with the next character in the password and an XOR operation is performed on the two. When the password runs out of characters, you start at the beginning again.

Xor is weak for a simple reason. If you know a small portion of the unencoded message, you can perform an Xor operation on just the positions of those characters in the encoded message to get the corresponding characters of the password. So if you know that your message ends with a period, you can Xor the last character of the encoded message against a period character. People can take it a step further and look for patterns that could translate to words. Others would use statistics: the space character would appear most, then the letter “E”, and so on.
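The known-text weakness described above, worked through as an added example (not code from the original post). The password, both messages and the helper names are constructed for illustration, and the password length is assumed to be known:

```python
from itertools import cycle

def xor_repeat(data: bytes, key: bytes) -> bytes:
    """XOR every byte with the password, wrapping around when it runs out."""
    return bytes(d ^ k for d, k in zip(data, cycle(key)))

def leaked_key_bytes(cipher: bytes, known: bytes, offset: int, key_len: int) -> dict:
    """Map key position -> key byte revealed by known plaintext at `offset`."""
    return {(offset + i) % key_len: cipher[offset + i] ^ p
            for i, p in enumerate(known)}

def show_key(leaked: dict, key_len: int) -> str:
    """Render the partially recovered key, '?' for positions still unknown."""
    return "".join(chr(leaked[i]) if i in leaked else "?" for i in range(key_len))

def xor_pair(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings position by position (stops at the shorter one)."""
    return bytes(x ^ y for x, y in zip(a, b))

# Constructed sample data: the password and both messages are made up.
KEY = b"s3cret"
MSG1 = b"Door 7 opens when the red gem is placed."
MSG2 = b"Score update: player two has 40 points."
C1, C2 = xor_repeat(MSG1, KEY), xor_repeat(MSG2, KEY)

if __name__ == "__main__":
    n = len(KEY)  # assumption: the password length is known
    # Knowing only that the message ends with a period exposes one key byte.
    print(show_key(leaked_key_bytes(C1, b".", len(C1) - 1, n), n))
    # Knowing six characters at the start exposes the whole six-byte password.
    key = show_key(leaked_key_bytes(C1, b"Door 7", 0, n), n).encode()
    print(key, xor_repeat(C2, key))
    # A second pass with the same password undoes the first.
    print(xor_repeat(C1, KEY) == MSG1)
    # Two messages under one password: XORing them cancels the password,
    # leaving only the XOR of the two plaintexts.
    print(xor_pair(C1, C2) == xor_pair(MSG1, MSG2))
```

Any protocol with a fixed header, greeting or terminator hands out this kind of known text, which is why a repeating password gives no confidentiality against someone who can see the traffic.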

Well, all this boils down to SecondLife. I’m starting to script my objects to talk to each other for a game that I’m creating within that world. I’m still a bit confused about what approach I should take. I just don’t want people building their own objects to listen in on my objects’ communications. I’m tempted to look into RSA and RC4 encryption, but the strength is limited to only 16 bits in the game due to the nature of how integers are set up in LSL script. I’ve done something similar in VB Script that had similar limitations.

9 Responses to “Xor Security”

  1. Krozy Says:

    Hmmm.. I never considered Xor much for encryption. Maybe you can go with a combination of ROT13, Hex and Base64.

  2. Lewie Says:

    It shouldn’t really be considered at all. It’s just what is available. In SecondLife, the Xor Encryption is returned as Base64 strings.

  3. Rob Says:

    Speaking of you & VBscript: what ever happened to your code gallery? You published a lotta awesome scripts a few years back, but they seem to have no home anymore.

  4. Lewie Says:

    Most can be found on Planet Source Code. http://www.planet-source-code.com/ in ASP, SQL, JavaScript, Visual Basic, C/C++, PHP, and the .Net worlds.

  5. Rob Says:

    Ah that’s right, thanks. Here’s the full list:
    http://www.planet-source-code.com/vb/scripts/BrowseCategoryOrSearchResults.asp?txtCriteria=Moten&txtMaxNumberOfEntriesPerPage=50

    Very nice, but nothing new in a year. SecondLife must be gooood. :>

  6. Vali Says:

    Hi,
    About the weakness of XOR.. Just double or triple or quadruple XOR it with the password (of course the encrypted code will weigh x2 x3 x4 times bigger..); I am a fan of yours.. Long time I was using your
    clsField.asp
    Author: Lewis Moten
    Email: Lewis@Moten.com
    URL: http://www.lewismoten.com
    ————————————–
    Thank you !

  7. Lewie Says:

    The code doesn’t really get much bigger. If you double or quadruple the xor encryption, you get a clear text message. Triple just gets you the same thing as the first pass.

    What you can do is use very long xor passwords. Something equal to, or longer than, the message that you are encoding. It still becomes a problem though when you start comparing multiple messages encoded with the same password.

  8. pil Says:

    ey i need ur help with this code.. my friend used to use it to decode the codes on the database.. i tried to download it to a website http://demofs.incoretech.com/demo.asp

  9. Bala Says:

    Hi

    I tried your sample demo code (rc4 Encryption). It seems like it doesn’t work for the entry 028-93-9473 with the key: SupplierSetup

    Bala
