SourceForge Logo



BrowseX XOR Encryption
BrowseX XOR Encryption

DISCLAIMER: The following might give cryptographers a chuckle.

BrowseX  implements a fast, nearly zero overhead, XOR based encryption. The fact is that XOR'ing data with a password is an extremely fast way to encrypt data. Unfortunately, XOR encrypted text can be broken extremely easily via the following attack.

  1. Assume password length is 8.
  2. XOR every 8th character with 'A'
  3. If they all show up as ASCII, you've probably got the first character of the password
  4. Otherwise repeat from step 2, with the next alphabetic
  5. If no success, repeat from step 1 with shorter/longer password length
  6. else repeat from step 2 for other password characters.
The weakness being exploited is the fact that the password characters are being used unaltered in the same predictably repeating sequence.

The BrowseX  XOR encryption varies this by generating a start seed based upon the XORing of all characters in the password. Modulo arithmetic is used with the seed to determine the offset within the password to start. Modulo is again used to determine when to recalculate the seed based upon the currently selected password character. And finally, the password character itself is XORed with the current seed before it is itself used to XOR the data.

The means that the period of the XORing is varying unpredictably, as is the the permuting of the password. The downside: fast encryption is more easily subjected to brute force attacks. Algorithm follows.

int xor_aperiodic(char *pass, char *ibuf, char *obuf, int ilen) {
  int plen=strlen(pass);
  int i, n=0, p=-1;
  char seed, rval;
  if (ilen<0) ilen=strlen(ibuf);
  for (i=1; i<plen; i++) {
  for (i=0; i<ilen; i++) {
    if (p>=plen) p=0;
    if (p==(seed%plen)) {
  return ilen;

main() {
  char buf[200], buf2[200];
  int n=
   "based upon the XORing of all characters in the password",buf,-1);
  printf("ENC: %s\n", buf);
  xor_aperiodic("funkydog", buf,buf2,n);
  printf("DEC: %s\n", buf2);

Copyright © 1999-2001   Browsex Systems Inc