Hacker News new | past | comments | ask | show | jobs | submit login

If we could only make them understand that forcing the good guys to not encrypt doesn't take encryption away from the bad guys. Legislators don't understand that encryption doesn't have to be made by Apple for the bad guys to have encryption. A shared key and XOR gives you unbreakable encryption. A high school comp sci. kid could implement that.



yep. Crete 3tb of one time pads, exchange hard disks and enjoy.


Incorrect, if the key is shared the encryption is breakable. If you're just doing one round of XOR it's pretty easy to break the key given a known plaintext, in the same way that AES is very breakable in ECB mode.

For unbreakable encryption, I'd suggest XORing with the contents of /dev/random (assuming /dev/random is unknowable). Of course decryption may be an issue.


In context, I'm sure the parent commenter meant "a random key the same length as the plaintext", not a repeating key or a reused key.


Some people when faced with an encryption problem think 'I know, I'll use a non-repeating random text to XOR against the plain text', now they have two encryption problems.


Three if you count entropy.


Thanks. Yup.


Wrong. It's just not secure in all contexts e.g. your example where you have a known plaintext that you can use to crack the key which then lets you decrypt something encrypted with the same key. You're discovering why XOR isn't widely used in a real-world setting.


"If you're just doing one round of XOR it's pretty easy to break the key"

If you're doing two rounds, it's even easier!




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: