Anyone who knows more than 2 things about cryptography knows that XOR encryption is insecure. The fact is that it's a polyalphabetic cipher except that the alphabet consists of 0 and 1 instead of A to Z. Allow me to quote Applied Cryptography by Bruce Schneier:

"The simple-XOR algorithm is really an embarassment; it's nothing more than a Vigenere polyalphabetic cipher...There's no real security here. This kind of encryption is trivial to break, even without computers...An XOR might keep your kid sister from reading your files, but it won't stop a cryptanalyst for more than a few minutes."

When wonko says "fairly secure encryption algorithm," he's only right if you consider fairly secure to be fairly secure from a crypto idiot. Sorry to be so harsh, but this was just oh so very ignorant. Putting faith in this kind of encryption has been the downfall of many "secure" products.

I will note that if the key is longer than the message, you have some level of security. This is called a one-time pad. Essentially, a OTP is a message XOR'd against a seemingly random string of characters. If the key is shorter than the message, then we repeat the key over and use it a second time, rendering it insecure. These are difficult in practice and are actually rarely used in practical situations. If you can generate a random string as long as the message that you supply as the key and share it will the message's recipient somehow, well then perhaps you should start to consider something like this because you've got a one-time pad, but don't use "this is a short secret" as the key for a long message.

Thanks to wonko for updating his writeup

Log in or register to write something here or to contact authors.