Xor

So it's OTP

Yes. OTP is perfectly secure, and no perfectly secure encryption can be more convenient than OTP. The key space needs to be as large as the message space.

What do you mean by this? OTP as in one-time-pad but how does it work in practice? How do you share the very long key? Why can't it be broken?

wow a really shitty stream cipher
look into salsa20/chacha20 for a good one
en.wikipedia.org/wiki/Salsa20
saged because shit thread

You XOR the message with the key.
You and the recipient both need to have the key, there's no special way to share the key, which is why it's almost never used. Sharing the key securely is typically just as hard as sharing the message securely in the first place.
It can't be broken because for every ciphertext/message pair there is exactly one key which decrypts that ciphertext to that message, which means that knowing the ciphertext gives you no information about the message, other than the length.

This is why OTP isn't practical. If you have a way to secretly share a key the same length as the message you could just share the message itself.

That's not always true. Sometimes you can share the key ahead of time, before there's a message to encrypt, but don't have a secure channel by the time there's a message to send. And there might be cases in which a message can be intercepted, but you'll always know if it's intercepted, in which case you can keep trying to share keys until you know one wasn't intercepted, and then use that key to encrypt the message.
Perfect secrecy isn't really better than imperfect computational secrecy, though, so even in those cases you're better off using more modern encryption. The only realistic use case for OTP I can think of is if you have to encrypt a message using pen and paper, without any sort of computer, because it's simple enough to do by hand.

What about if the randomly generated key is 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000?

highly unlikely. it is more likely that your randomly generated key xored with your message produces non-random looking output

The chance of that happening is equal to the chance that they'd get the correct message by guessing it by flipping coins. There's a way larger chance that you and the recipient both die of a heart attack.
There's a far larger chance that the ciphertext appears to be a coherent message that isn't the actual message than that it is the actual message.
If the message is "Hello", then there's just as large a chance that the ciphertext is "Hello" as that it is "Vines". They still don't get any information, it's just that if they unwisely decide to interpret the ciphertext as if it's the message they would succeed in that particular astronomically unlikely case.
Excluding 0000... as the key actually gives the attacker a minimal amount of information about the message. It tells them that the ciphertext doesn't equal the message. So trying to guard against that scenario makes the encryption less secure.

...

Yes, by definition

>(((definition)))
LOL. hilarious dude

Not if the key sharing happens before you know what message you'll want to send.
For example if you know that you won't have a chance of secure communication after you decide what message you want to send.
So there may be some contrived cases where it's not completely useless.

ep*c

#include #include #include #include #define BUFFER 400int main(void){ char s[] = "1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!@#$%^&*?>

A C program is like a fast dance on a newly waxed dance floor by people carrying razors.

You need to terminate the string
key[BUFFER] = '\0';

oh. should i make s and key const char instead?

key changes so it can't be const.

getting invalid initializer on that. might want to use strcat and stick it on the end of the key after the for loop is complete.

Yeah it's used after you initialize. There's also a buffer overflow so you need to either initialize it to
char key[BUFFER+1];// do stuff herekey[BUFFER] = '\0';

or

char key[BUFFER];// for(etc; i < BUFFER - 1; etc ) but key size will be one less than bufferkey[BUFFER-1] = '\0';

nice. seems to be working good now. just need to maybe use sizeof to get the size of the file to use as the buffer then the xor program should be able to generate it's own random key that should be the same size of the file thus making it secure.... in theory...

While on the topic of 1st year CS crypto, what are some books that anons recommend on cryptography (ideally accessible to below-average undergrads)?

well... it compiled... heh. not sure if it actually will work though.
//XOR Encryption #include #include #include #include int main(int argc, char* argv[]){ // Print usage and exit if args != 5 if (argc != 4) { printf("Usage: \n"); return -1; } // Check to make sure offset is a char that can be converted to an int int offset; if (offset = atoi(argv[3]) == 0) { printf("Invalid offset argument.\n"); return -1; } // Attempt to open input file. Exit if not found FILE* input; input = fopen(argv[1], "r"); if (input == NULL) { printf("Input file %s was not found.\n", argv[1]); return -1; } // Attempt to open output file. Exit if NULL FILE* output; output = fopen(argv[2], "w"); if (output == NULL) { printf("Error creating output file\n"); return -1; } // Generate a random key char s[] = "1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!@#$%^&*?>

yea it's fucked. can't use sizeof for that. lol.

Anything written by David Bentley Hart because that shit is INDECIPHERABLE.

looks like we might have a winner here. it seems to work. im honestly no crypto wizard so feel free to try it and tell me how shit it is or how it can be improved.
//XOR Encryption #include #include #include #include int main(int argc, char* argv[]){ // Print usage and exit if args != 4 if (argc != 4) { printf("Usage: \n"); return -1; } // Check to make sure offset is a char that can be converted to an int int offset; if (offset = atoi(argv[3]) == 0) { printf("Invalid offset argument.\n"); return -1; } // Attempt to open input file. Exit if not found FILE* input; input = fopen(argv[1], "r"); if (input == NULL) { printf("Input file %s was not found.\n", argv[1]); return -1; } // Attempt to open output file. Exit if NULL FILE* output; output = fopen(argv[2], "w"); if (output == NULL) { printf("Error creating output file\n"); return -1; } // Generate a random key char s[] = "1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!@#$%^&*?>

A C program is like a white man writing code while fast dancing on a newly waxed dance floor while the shitskins are outside taking a shit on the street.

White people can do that safely after some training, pajeet.

Handbook of Applied Cryptography by Menezes, van Oorschot and Vanstone.
cacr.uwaterloo.ca/hac/

There's lots of higher math in there, but it's mostly optional to read and understand. You can just skip to ready recipies and algorithms if you don't care about or understand the math behind them.

using special characters in s[ ] causes problems when running this program in bash. bash can't process text input if it's got "!" chars in it. I removed them and it works fine. The key is still going to be secure alpha numeric with upper and lower case anyway.

And he won't get anything done without a humongous expense. All the training in the world doesn't change the fact that there is a real burden placed upon the brain.

Been tinkering with it some more. The last one i posted works but needs a separate program to decrypt it. This one does encryption and decryption but it's no decrypting correctly at the moment.

//XOR Encryption #include #include #include #include // Max amount of chars that can be read from an input file#define MAX_CHARS 100000FILE* input;FILE* output;int openFiles(const char* inputFileName, const char* outputFileName){ // Attempt to open input file. Exit if not found input = fopen(inputFileName, "r"); if (input == NULL) { printf("Input file %s was not found.\n", inputFileName); return -1; } // Attempt to open output file. Exit if NULL output = fopen(outputFileName, "w"); if (output == NULL) { printf("Error creating output file\n"); return -1; } return 0;}void xor(char* key, int offset){ // XOR int encrypt_byte; int key_count = 0; while ((encrypt_byte = fgetc(input)) != EOF) { fputc(encrypt_byte ^ key[offset+key_count], output); key_count++; if (key_count + offset == strlen(key)) { offset = 0; key_count = 0; } }}int genKey(int offset){ // Generate a random key char s[] = "1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; fseek(input, 0L, SEEK_END); int BUFFER = ftell(input)+1; rewind(input); char key[BUFFER]; int i, u; time_t t; srand((unsigned)time(&t)); for (i=0; i < BUFFER; i++) { u = (double)rand() / RAND_MAX * strlen(s); key[i] = s[u]; } key[BUFFER] = '\0'; // Write key to a text file FILE* keyFile; keyFile = fopen("key.txt", "w"); if (keyFile == NULL) { printf("Error writing key to file\n"); fclose(input); fclose(output); return -1; } fprintf(keyFile, "%s", key); fclose(keyFile); printf("Saved key to key.txt\n"); // Send key to xor function xor(key, offset); return 0;}int main(int argc, char* argv[]){ // Print usage and exit if args < 4 if (argc < 4) { printf("Usage: \n"); printf("Encryption example: unencrypted.txt encrypted.txt 4\n"); printf("Decryption example: encrypted.txt decrypted.txt 4 1 key.txt\n"); return -1; } // Handle null args if (argv[4] == NULL || argv[5] == NULL) { argv[4] = "2"; argv[5] = "nothing"; } // Check to make sure offset is a char that can be converted to an int int offset; if (offset = atoi(argv[3]) == 0) { printf("Invalid offset argument.\n"); return -1; } // Decryption // Check to make sure mode is char that can be converted to an int int mode; if (mode = atoi(argv[4]) == 0) { printf("Invalid mode number\n"); return -1; } else if (mode == 1){ // Attempt to open key file. Exit if not found FILE* keyFile; keyFile = fopen(argv[5], "r"); if (keyFile == NULL) { printf("Keyfile %s was not found.\n", argv[5]); return -1; } // Read in the key from the key file char* keybuf; keybuf = (char*) malloc(MAX_CHARS+1); if (keybuf == NULL) { printf("Couldn't allocate memory. Aborting...\n"); fclose(keyFile); return -1; } printf("Attempting to read from input file.\n"); while (fgets(keybuf, MAX_CHARS, keyFile)!=NULL); keybuf[MAX_CHARS+1] = '\0'; // Open input and output files if (openFiles(argv[1], argv[2]) == -1) { free(keybuf); return -1; } // call xor function printf("XOR %s to %s\n", argv[1], argv[2]); xor(keybuf, offset); free(keybuf); } // Encryption if (openFiles(argv[1], argv[2]) == -1) { return -1; } // Call genKey to generate a key and start the xor operation printf("XOR %s to %s\n", argv[1], argv[2]); genKey(offset); // Close input and output files and exit. fclose(output); fclose(input); printf("Done.\n"); return 0; }

...

Shell shock
Heart bleed

...

You're willfully missing the point. The point is that you can't just say "I'm a white man, I do things perfectly". There is a cost to everything. For the vast majority of application software, we don't need to invest the effort to achieve the work in C. There's thinking about application logic and then there's C memory booking that's applied on top of that work. It is this fetishistic approach that "all our work must be done in C and we will do it perfectly" that inherently implies two things: doing it correctly will take forever to achieve thus nobody will get any work done: doing it quickly means . It doesn't have to be this way, all it takes is to let go of the C fetish for anything that doesn't demand such a big rigor. 10/10

A C program is like Dennis Ritchie taking a shit on a white man writing code while fast dancing on a newly waxed dance floor.

Well looks like it's working now. It successfully encrypted and decrypted a text file. Use it and abuse it. I'd like to know if it's any good or not so i can encrypt my passwords with it.

//XOR Encryption #include #include #include #include // Max amount of chars that can be read from an input file#define MAX_CHARS 100000FILE* input;FILE* output;int openFiles(const char* inputFileName, const char* outputFileName){ // Attempt to open input file. Exit if not found input = fopen(inputFileName, "r"); if (input == NULL) { printf("Input file %s was not found.\n", inputFileName); return -1; } // Attempt to open output file. Exit if NULL output = fopen(outputFileName, "w"); if (output == NULL) { printf("Error creating output file\n"); return -1; } return 0;}void xor(char* key, int offset){ // XOR int encrypt_byte; int key_count = 0; while ((encrypt_byte = fgetc(input)) != EOF) { fputc(encrypt_byte ^ key[offset+key_count], output); key_count++; if (key_count + offset == strlen(key)) { offset = 0; key_count = 0; } }}int genKey(int offset){ // Generate a random key char s[] = "1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; fseek(input, 0L, SEEK_END); int BUFFER = ftell(input)+1; rewind(input); char key[BUFFER]; int i, u; time_t t; srand((unsigned)time(&t)); for (i=0; i < BUFFER; i++) { u = (double)rand() / RAND_MAX * strlen(s); key[i] = s[u]; } key[BUFFER] = '\0'; // Write key to a text file FILE* keyFile; keyFile = fopen("key.txt", "w"); if (keyFile == NULL) { printf("Error writing key to file\n"); fclose(input); fclose(output); return -1; } fprintf(keyFile, "%s", key); fclose(keyFile); printf("Saved key to key.txt\n"); // Send key to xor function xor(key, offset); return 0;}int main(int argc, char* argv[]){ // Print usage and exit if args < 4 if (argc < 4) { printf("Usage: \n"); printf("Encryption example: unencrypted.txt encrypted.txt 4\n"); printf("Decryption example: encrypted.txt decrypted.txt 4 1 key.txt\n"); return -1; } // Handle null args if (argv[4] == NULL || argv[5] == NULL) { argv[4] = "2"; argv[5] = "nothing"; } // Check to make sure offset is a char that can be converted to an int int offset; if (offset = atoi(argv[3]) == 0) { printf("Invalid offset argument.\n"); return -1; } // Decryption // Check to make sure mode is char that can be converted to an int int mode; /* THIS KEEPS THE USER FROM INPUTING AN INVALID CHAR BUT HAD TO BE REMOVED- BECAUSE IT SCREWS UP EVERYTHING FOR SOME REASON IDK WHY. if (mode = atoi(argv[4]) == 0) { printf("Invalid mode number\n"); return -1; }*/ mode = atoi(argv[4]); if (mode == 1) { // Attempt to open key file. Exit if not found FILE* keyFile; keyFile = fopen(argv[5], "r"); if (keyFile == NULL) { printf("Keyfile %s was not found.\n", argv[5]); return -1; } // Read in the key from the key file char* keybuf; keybuf = (char*) malloc(MAX_CHARS+1); if (keybuf == NULL) { printf("Couldn't allocate memory. Aborting...\n"); fclose(keyFile); return -1; } printf("Reading key from %s\n", argv[5]); //while (fgets(keybuf, MAX_CHARS, keyFile)!=NULL); fscanf(keyFile, "%s", keybuf); keybuf[MAX_CHARS] = '\0'; // Open input and output files if (openFiles(argv[1], argv[2]) == -1) { free(keybuf); return -1; } // call xor function printf("XOR %s to %s\n", argv[1], argv[2]); xor(keybuf, offset); free(keybuf); } // Encryption if (openFiles(argv[1], argv[2]) == -1) { return -1; } if (mode != 1) { // Call genKey to generate a key and start the xor operation printf("XOR %s to %s\n", argv[1], argv[2]); genKey(offset); } // Close input and output files and exit. fclose(output); fclose(input); printf("Done.\n"); return 0; }

...

all crypto is only probablistically secure, and they're much weaker than getting 9000 0's as a key.

what?
The reason why get an all 0 key is not an issue is that the all 0 key is not the only key that gives a valid message. Imagine if you intercepted an encrypted message and it said god. There is no way to prove if the original message was god (all 0 key) or if it could have been any other three letter word like red, dog, or Ben for example. If you have a very long input, there are tons of false messages which look correct.

rand is not a CSPRNG. This is just as bad as your first version.
Just stop, my dude.

works on my machine.

Yeah. It will work on NSA's machines too.

why do not trust /dev/urandom? i know it's no a true RNG but why do you not think it's good enough to generate a key? the only problem i see in my implementation is that if you run the genkey function say in a for loop it will generate the same key because it uses time to seed it. so if it happens to fast the seed doesn't change and it makes the same key again. but that's unlikely to happen in the program i posted above.

but your argument all comes down to not trusting /dev/urandom.

I do trust /dev/urandom but you are using rand.
Also no matter how you generate the key, if the message is longer than the key you can trivially compute the key. See
Kill yourself, my dude.

the key should always be longer than the message in my code.

Doesn't matter as you are using rand to generate it.

i use srand() to seed rand().

geeksforgeeks.org/rand-and-srand-in-ccpp/

Doesn't matter because rand isn't a CSPRNG.

how about this.
man.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man3/arc4random.3?query=arc4random&sec=3

Yes. But your gen_key function is still shit because you are fucking about withou floating point numbers and ASCII characters. Just xor the raw bytes together.
Even if you fix this your program is still unpractical because the keyfile is as long as your plain/ciphertext.
See

with

...

don't laugh at me. i've only been learning C for 2 weeks.

that is true but that wouldn't matter if i never planned to share the key. that sort of attack would depend on the attacker having access to the key file.

I said it is unpractical. I wasn't speaking of an attack.

i just ASCII would be easier to use because in my first version it took the key as an argument to decrpyt it. but this version just reads it in from a file so the user never really needs to interact with it.

I love this board and all of you faggots. Never change.

I wrote an actually secure file encryption program in Rust: use std::cmp::min;use std::fmt::Display;use std::io::{self, Read, Write};use std::ops::{Deref, DerefMut};const RATE: usize = 16;const CHUNK_LEN: usize = RATE * 256;const USAGE: &str = "Usage: decrypt|encrypt ";struct Wrapper(State);#[derive(Default)] struct State([u32; 32]);impl Wrapper { fn new(mut key: &[u8]) -> Self { let mut state = State::default(); loop { let len = min(RATE, key.len()); xor(&mut state[..len], &key[..len]); if len < RATE { state[len] ^= 1; } state[RATE] ^= 0x80; state.permute(); key = &key[len..]; if key.is_empty() { break; } } Wrapper(state) } fn wrap(&mut self, data: &mut [u8]) -> &[u8] { self.wrap_impl(data, ::copy_from_slice) } fn unwrap(&mut self, data: &mut [u8], tag: &[u8]) -> Result { assert!(tag.len() == RATE); if tag == self.wrap_impl(data, xor) { Ok(()) } else { Err(()) } } fn wrap_impl(&mut self, data: &mut [u8], f: fn(&mut [u8], &[u8])) -> &[u8] { let index = if !data.is_empty() { let mut chunks = data.chunks_mut(RATE); let last_chunk = chunks.next_back().unwrap(); for chunk in chunks { xor(chunk, &self.0[..RATE]); f(&mut self.0[..RATE], chunk); self.0[RATE] ^= 0x80; self.0.permute(); } let len = last_chunk.len(); xor(last_chunk, &self.0[..len]); f(&mut self.0[..len], last_chunk); len } else { 0 }; self.0[index] ^= 1; self.0[RATE] ^= 0x80; self.0.permute(); &self.0[..RATE] }}impl State { fn permute(&mut self) { macro_rules! i { ($a:expr, $b:expr, $c:expr, $d:expr, $e:expr) => { ($a Result { let f = match &*args.next().unwrap() { "decrypt" => { decrypt } "encrypt" => { encrypt } _ => { return Err(Box::new(USAGE)); } }; if let Err(e) = f(&mut Wrapper::new(args.next().unwrap().as_bytes()), &mut io::stdin(), &mut io::stdout()) { return Err(Box::new(e)); } Ok(())}fn decrypt(wrapper: &mut Wrapper, reader: &mut R, writer: &mut W) -> io::Result { let mut buf = [0; CHUNK_LEN]; loop { let len = fill_buf(reader, &mut buf)?; if len < RATE { return Err(io::Error::new(io::ErrorKind::UnexpectedEof, "")); } { let (data, tag) = buf.split_at_mut(len - RATE); wrapper.unwrap(data, &tag[..RATE]).map_err(|()| io::Error::new(io::ErrorKind::InvalidData, "tag mismatch"))?; } writer.write_all(&buf[..len - RATE])?; if len < CHUNK_LEN { return Ok(()); } }}fn encrypt(wrapper: &mut Wrapper, reader: &mut R, writer: &mut W) -> io::Result { let mut buf = [0; CHUNK_LEN]; loop { let len = fill_buf(reader, &mut buf[..CHUNK_LEN - RATE])?; let tag = wrapper.wrap(&mut buf[..len]); buf[len..][..RATE].copy_from_slice(tag); writer.write_all(&buf[..len + RATE])?; if len < CHUNK_LEN - RATE { return Ok(()); } }}fn fill_buf(reader: &mut R, mut buf: &mut [u8]) -> io::Result { let len = buf.len(); while !buf.is_empty() { match reader.read(buf) { Ok(0) => { break; } Ok(n) => { let tmp = buf; buf = &mut tmp[n..]; } Err(ref e) if e.kind() == io::ErrorKind::Interrupted => {} Err(e) => { return Err(e); } } } Ok(len - buf.len())}fn xor(dst: &mut [u8], src: &[u8]) { assert!(dst.len() == src.len()); unsafe { for i in 0..dst.len() { *dst.get_unchecked_mut(i) ^= *src.get_unchecked(i); } }}

I had to agressively compress it vertically.

yuck

this makes me love C even more.

looks disgusting. i might would use it if you port it to C. I ain't touching that rust sjw shit language.

top LARP.

//Double XOR Encryption #include #include #include int main(int argc, char* argv[]){ // Print usage and exit if args != 5 if (argc != 5) { printf("Usage: \n"); return -1; } // Check to make sure offset is a char that can be converted to an int int offset; if (offset = atoi(argv[4]) == 0) { printf("Invalid offset argument.\n"); return -1; } // Attempt to open input file. Exit if not found FILE* input; input = fopen(argv[1], "r"); if (input == NULL) { printf("Input file %s was not found.\n", argv[1]); return -1; } // Attempt to open output file. Exit if NULL FILE* output; output = fopen(argv[2], "w"); if (output == NULL) { printf("Error creating output file\n"); return -1; } printf("Double XOR Encrypting %s to %s\n", argv[1], argv[2]); char* key = argv[3]; int encrypt_byte; int key_count = 0; // XOR while ((encrypt_byte = fgetc(input)) != EOF) { fputc(encrypt_byte ^ key[offset+key_count] ^ key[offset+key_count], output); key_count++; if (key_count + offset == strlen(key)) { offset = 0; key_count = 0; } } // Close input and output files and exit. fclose(output); fclose(input); printf("Done.\n"); return 0;}

maybe try this
#include #include #include #include #include int main(int argc, char **argv){ int rng; int urnd = open("/dev/random", O_RDONLY); read(urnd, &rng, sizeof(int)); close(urnd); printf("%d\n", rng); return 0;}

brilliant

you forgot a 'u'. also: man7.org/linux/man-pages/man2/getrandom.2.html

seems like overkill but ok. one xor should be sufficient.

Modern CPUs have no problem doing two xor ops in one cycle.

just adds needless complication. if one xor will do why use two? now you need two keys. and more lines of code to make it all work.

It is just an additional xor.
To keep the CIA niggers out of my stuff????
and more lines of code to make it all work
look again

ok. lets make a quadruple xor program that uses /dev/urandom to generate the keys and automatically encrypt the loli folders.

why not xor the file N times against the file length key on rotating increment N times.

or rotating offset is a better way to word it.

i guess you could make it do that but then you would also need to use a json to store the key and offset value it used and then another function to read that json in. parse it. and use the data to decrypt. not worth the effort imho.

i just briefly read over getrandom right quick. kinda busy atm but this is more or less what i made of it. not even sure if this works.
#define _GNU_SOURCE#include #include #include #include #include #include int main(void){ // Generate a random key char s[] = "1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; fseek(input, 0L, SEEK_END); int BUFFER = ftell(input)+1; rewind(input); char key[BUFFER]; int i, u; void* urnd_buf = NULL; unsigned int 0 = 1; int urnd = syscall(SYS_getrandom, urnd_buf, 1, o); for (i=0; i < BUFFER; i++) { u = urnd / RAND_MAX * strlen(s); key[i] = s[u]; } key[BUFFER] = '\0'; // Write key to a text file FILE* keyFile; keyFile = fopen("key.txt", "w"); if (keyFile == NULL) { printf("Error writing key to file\n"); fclose(input); fclose(output); return -1; } fprintf(keyFile, "%s", key); fclose(keyFile); printf("Saved key to key.txt\n"); return 0;}

no, just rotate through every possible offset in the key. if the key and file are 1000 bytes long.

put an if somewhere if i+offset > key length, loop around to 0 and start there.

offset=0
key[0+offset]^file[0]=result[0]
...
key[999+offset]^file[999]=result[999]
offset=1
key[0+offset]^result[0]=result[0]
...
key[999+offset]^result[999]=result[999]
offset=2
key[0+offset]^result[0]=result[0]
key[999+offset]^result[999]=result[999]
...
etc

Brilliant. But do double xor. Like this: key[i+offset]^file[i]^key[i+offset]=result[i]
That way it is also protected from the right side.

Should be

if you xor the key twice then it neutralizes itself. but you could do and rotate the offset on the second key too.
key[i+offset]^file[i]^key[i+offset+j ]=result[i]