by rlk
3940 days ago
It's a neat idea, but I hope nobody uses it for anything actually sensitive until the crypto is fixed: The app uses counter mode encryption with no nonce. In counter mode, the encryption process uses a stream of pseudo-random bytes generated by encrypting an incrementing counter with the secret key. The message is then XORed against this keystream. For this to be secure, you need the keystream to be different for each message. Otherwise, if you have multiple messages where the plaintext is XORed against the same keystream, you can take the XOR of any two ciphertexts, and you have:

    C1 ^ C2 = (P1 ^ K) ^ (P2 ^ K)
            = (P1 ^ P2) ^ (K ^ K)
            = (P1 ^ P2) ^ 0
            = P1 ^ P2

And now you can break that by statistical techniques, or just trial and error. (Obligatory crypto challenges link: http://cryptopals.com/sets/3/ )
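The keystream-reuse identity from the comment above, as an added example that is not part of the original post or of the app being discussed. It builds a counter-mode keystream from PRF(key, nonce || counter); HMAC-SHA256 stands in for the block cipher so the script runs on the standard library, and the key, nonces and messages are constructed for the demonstration.

```python
import hmac
import hashlib
import os


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: PRF(key, nonce || counter) for counter = 0, 1, 2, ...
    HMAC-SHA256 is a stand-in for the block cipher; the structure is what matters."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def ctr_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    # CTR is symmetric: the same call decrypts, since P = (P ^ K) ^ K.
    return xor(plaintext, keystream(key, nonce, len(plaintext)))


def shared_positions(c1: bytes, c2: bytes) -> list:
    """Byte offsets where C1 ^ C2 == 0. Under a reused keystream these are exactly
    the offsets where the two plaintexts agree, and no key is needed to see it."""
    return [i for i, v in enumerate(xor(c1, c2)) if v == 0]


def keystream_cancels(reuse_nonce: bool) -> bool:
    """True when C1 ^ C2 == P1 ^ P2, i.e. when the key has cancelled out.
    A fixed or absent nonce (the app's behaviour) is the reuse_nonce=True case."""
    key = b"constructed-demo-key-not-a-secret"  # constructed value
    p1 = b"meeting moved to room 4B at noon"
    p2 = b"meeting moved to room 7A at five"
    n1 = os.urandom(8)
    n2 = n1 if reuse_nonce else os.urandom(8)  # the fix: a fresh nonce per message
    c1 = ctr_encrypt(key, n1, p1)
    c2 = ctr_encrypt(key, n2, p2)
    return xor(c1, c2) == xor(p1, p2)


if __name__ == "__main__":
    print("same nonce, key cancels:", keystream_cancels(True))
    print("fresh nonces, key cancels:", keystream_cancels(False))
```

With a reused keystream, `shared_positions` on the two ciphertexts reveals which bytes of the two messages are identical, which is the starting point for the statistical attack the comment mentions.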