DISCLAIMER: The following might give cryptographers a chuckle.
BrowseX implements a fast, nearly zero-overhead, XOR-based encryption.
The fact is that XOR'ing data with a password is an extremely
fast way to encrypt data. Unfortunately, XOR encrypted
text can be broken extremely easily via the following attack.

1. Assume password length is 8.
2. XOR every 8th character with 'A'.
3. If they all show up as ASCII, you've probably got the first character
   of the password.
4. Otherwise repeat from step 2, with the next alphabetic character.
5. If no success, repeat from step 1 with a shorter/longer password length.
6. Else repeat from step 2 for the other password characters.

The weakness being exploited is the fact that the password characters
are being used unaltered in the same predictably repeating sequence.
The BrowseX XOR encryption varies this by generating a start seed
based upon the XORing of all characters in the password.
Modulo arithmetic is used with the seed to determine the offset within
the password to start. Modulo is again used to determine
when to recalculate the seed based upon the currently
selected password character. And finally, the password
character itself is XORed with the current seed before
it is itself used to XOR the data.
This means that the period of the XORing is varying unpredictably,
as is the permuting of the password. The downside:
fast encryption is more easily subjected to brute force
attacks. Algorithm follows.
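
    #include <stdio.h>
    #include <string.h>

    /* XOR ibuf with a password-derived stream into obuf (needs ilen+1 bytes).
       Pass ilen<0 to use strlen(ibuf). Returns ilen, or -1 for an empty password. */
    int xor_aperiodic(const char *pass, const char *ibuf, char *obuf, int ilen) {
        int plen = (int)strlen(pass);
        int i, n = 0, p;
        unsigned char seed, rval;   /* unsigned so seed % plen is never negative */

        if (plen == 0) return -1;   /* avoid modulo by zero */
        if (ilen < 0) ilen = (int)strlen(ibuf);

        /* Start seed: XOR of all characters in the password. */
        seed = (unsigned char)pass[0];
        for (i = 1; i < plen; i++) {
            seed = seed ^ (unsigned char)pass[i];
        }
        p = seed % plen;            /* starting offset within the password */

        for (i = 0; i < ilen; i++) {
            p++;
            if (p >= plen) p = 0;
            /* Recalculate the seed when the offset equals seed modulo plen. */
            if (p == (seed % plen)) {
                seed = (unsigned char)pass[p] ^ seed;
            }
            /* The password character is XORed with the seed before use. */
            rval = (unsigned char)pass[p] ^ seed;
            obuf[n++] = (char)((unsigned char)ibuf[i] ^ rval);
        }
        obuf[n] = 0;
        return ilen;
    }

    int main(void) {
        char buf[200], buf2[200];
        int n = xor_aperiodic("funkydog",
            "based upon the XORing of all characters in the password", buf, -1);
        /* Ciphertext can contain NUL or unprintable bytes, so %s may truncate it. */
        printf("ENC: %s\n", buf);
        xor_aperiodic("funkydog", buf, buf2, n);
        printf("DEC: %s\n", buf2);
        return 0;
    }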
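
The only state xor_aperiodic() carries between bytes is the pair (p, seed), so a password of length plen allows at most plen*256 states and the XOR stream has to fall into a cycle. The following is an added example, not part of the original BrowseX code, that walks the same state updates and reports where the cycle starts and how long it is; keystream_cycle, struct cycle, MAXPLEN and the sample passwords are names and inputs assumed here.

```c
#include <stdio.h>
#include <string.h>

#define MAXPLEN 64                 /* assumed upper bound on password length */

struct cycle { int lead; int period; };

/* Walks the (p, seed) state machine of xor_aperiodic() and reports how many
   stream bytes precede the cycle and how long the cycle is (-1 on bad input). */
struct cycle keystream_cycle(const char *pass) {
    static int seen[MAXPLEN * 256];           /* byte index at which a state first occurred */
    struct cycle c = { -1, -1 };
    int plen = (int)strlen(pass), i, p;
    unsigned char seed = 0;

    if (plen < 1 || plen > MAXPLEN) return c;
    memset(seen, 0xff, sizeof seen);          /* every entry becomes -1 */
    for (i = 0; i < plen; i++) seed ^= (unsigned char)pass[i];
    p = seed % plen;
    for (i = 0; ; i++) {
        /* same state update as the cipher's inner loop */
        if (++p >= plen) p = 0;
        if (p == seed % plen) seed ^= (unsigned char)pass[p];
        /* stream byte i is pass[p]^seed, a function of (p, seed) only */
        if (seen[p * 256 + seed] >= 0) {
            c.lead = seen[p * 256 + seed];
            c.period = i - c.lead;
            return c;
        }
        seen[p * 256 + seed] = i;
    }
}

int main(void) {
    const char *samples[] = { "funkydog", "a", "ab" };  /* constructed inputs */
    size_t k;
    for (k = 0; k < sizeof samples / sizeof *samples; k++) {
        struct cycle c = keystream_cycle(samples[k]);
        printf("%-10s %d bytes, then repeats every %d bytes\n",
               samples[k], c.lead, c.period);
    }
    return 0;
}
```

For "funkydog" this reports 18 bytes followed by a 16-byte cycle, so the stream is fixed per password and independent of the data being encrypted.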