[madars]

Your E/Fp has order 2^3 * 3 * 37991 * 21183269 * 373015308871 * 16071902378831708724506232718210977087913221837027589 and thus you can't hope for more than 86 bits of security due to Pohlig–Hellman, never mind cofactor attacks. encrypt() is also insecure (xor every byte of the message with the same shared secret byte), even if you chose a better curve.

[tptacek]

This is much better version of the sibling comment but I'm a message board nerd and can't keep myself from pointing out that this code is probably a little bit tongue-in-cheek.