[Typo3-dev] OT: Encryption

Robert Lemke rl at robertlemke.de
Mon Apr 5 18:06:36 CEST 2004


On Mon, 2004-04-05 at 15:38, Chi Hoang wrote:
> We used this XOR-Method back in the days on our demos and intros in the late
> 80s (all in 68000-assembler language on Atari ST ;) ), too. Very simple,
> fast, and very effective. And I think you are right, if the attacker doesn't
> know the key, and the key is used only once(!), then it is the best
> encryption so far. Otherwise the attacker could make a statistical research
> on the output of the encrypted code and sooner or later he has the password.
> But you don't need the whole bible as password string in most cases. The
> password string has just to be as long as the input string to make it safe -
> not lesser or longer. And if you use it only once it is unbreakable. But I'm
> not a crypto-expert or so. Just curious.

I think you're right. 

Though one problem might be that you can possibly guess the pattern in
the e-mail example: 

Imagine a list of e-mail addresses for employees of a certain company,
all of them ending with "@company.com". By having that information you
could possibly find out the encryption key (i.e. the salt), using some
statistical methods.

No problem if this e-mail list is public anyway, but other parts of the
website might use the same salt and therefore might now be easier to
decrypt.

No crypto-expert either ...

-- 
robert

"They placed me on this earth without a manual. 
 And I dare to say, I’m doing just fine without ;)"
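
Added example, not part of the original post: a sketch of the "@company.com" problem described above, showing how a known suffix exposes key bytes and why reusing that key elsewhere matters. It assumes a scheme that XORs every string with the same key starting at offset 0; the key, the addresses, the `OTHER` value and all function names are constructed for illustration.

```python
import hashlib

SUFFIX = b"@company.com"  # the part of every plaintext the reader already knows

def xor_encrypt(data, key):
    """XOR data with the key from offset 0 (assumed scheme); key must cover data."""
    if len(key) < len(data):
        raise ValueError("key shorter than data")
    return bytes(d ^ k for d, k in zip(data, key))

def recover_key_bytes(ciphertexts, suffix=SUFFIX):
    """Return {position: key byte} for every position covered by the known suffix."""
    recovered = {}
    for ct in ciphertexts:
        start = len(ct) - len(suffix)
        if start < 0:
            continue  # too short to end with the suffix
        for i, known in enumerate(suffix):
            key_byte = ct[start + i] ^ known  # c XOR p = k
            # Two ciphertexts disagreeing on a position means the suffix guess is wrong.
            if recovered.setdefault(start + i, key_byte) != key_byte:
                raise ValueError("inconsistent key byte at position %d" % (start + i))
    return recovered

def partial_decrypt(ct, recovered):
    """Decrypt the positions whose key byte is known; mark the rest with '?'."""
    return "".join(chr(c ^ recovered[i]) if i in recovered else "?"
                   for i, c in enumerate(ct))

# Constructed sample data: a fixed demo key reused for every string.
KEY = hashlib.sha256(b"constructed demo key").digest()  # 32 bytes
EMAILS = [b"al@company.com", b"bob.k@company.com", b"carol.smith@company.com"]
OTHER = b"session=8f2a1c; admin=no"  # unrelated value protected with the same key

def demo(other_key=KEY):
    """Recover key bytes from the e-mail list, then read OTHER encrypted under other_key."""
    leaked = recover_key_bytes([xor_encrypt(e, KEY) for e in EMAILS])
    return partial_decrypt(xor_encrypt(OTHER, other_key), leaked)

if __name__ == "__main__":
    print(demo())                                   # same key reused for OTHER
    print(repr(demo(hashlib.sha256(b"fresh").digest())))  # OTHER under its own key
```

With the key reused, three addresses of different lengths are enough to read all but three characters of `OTHER`; with a separate key for `OTHER`, the recovered bytes yield only noise.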






