| Subject: | I'm not a cryptography expert and I... |
|---|
| Summary: | Package rating comment |
|---|
| Messages: | 2 |
|---|
| Author: | Artur Graniszewski |
|---|
| Date: | 2011-02-08 12:39:38 |
|---|
| Update: | 2011-02-08 17:30:02 |
|---|
| |
|
|
Artur Graniszewski rated this package as follows:
| Utility: | Insufficient |
|---|
| Consistency: | Good |
|---|
|
|
 Artur Graniszewski - 2011-02-08 12:39:38 I'm not a cryptography expert and I did not tried to break this alghoritm but by looking at this code I think it IS NOT SECURE AT ALL!
1) XOR cryptography is known to the world since the beginning of computer science and even then it wasn't considered as secure.
2) Even using XOR with a very long password and an hidden type of encoded file cannot protect its content from the hacker. This encoder is vulnerable to simple dictionary attacks on password and/or file MIME type.
-----------------------------------------------
In this scenario file is encoded with XOR, then compressed by GZIP and again encoded by XOR. So?
First XOR encodes the file, and the second one decodes it during the same encoding process (so there is no security at all)! The only "security" is that the gzipped content is mostly unreadable by the humans.
In this case however it becomes another problem! Even if the key is unknown to the attacker, he can easily use brute force to decrypt the file by two different ways:
a) try to break the weak user key (using brute force or dictionary attacks)
b) knowing that the file is GZIPped and then XOR'ed - try to discover the key by XORing the first X bytes of file and checking for specific GZIP MIME headers.
In both ways this can be accomplished in just a few minutes on a modern hardware.
 XadillaX - 2011-02-08 17:30:02 - In reply to message 1 from Artur GraniszewskiThanks for your advise.
At first, my mind is to write a reversible algorithm. So I think every algorithm like that are all not safe enough as irreversible. And I'm a newbie of PHPers. In fact, I wrote that just for encoding my cookie information at first. I wanna get information from cookie and make humans read that cookie hard.
And I put it to PHP Classes just for communicating with each others like you and studying.
Haffman tree is a Compression Algorithm and you can set the value of each char. Than it will compression the string with your set of value. I can hard use pointer of PHP, so actually Haffman in my file can not compression but make it longer. Each node of char shows it's position on the Haffman tree.
Glad to waiting for your next message.
|
