
Deciphering Single-Byte XOR Ciphertexts - arpitbbhayani
https://arpitbhayani.me/blogs/decipher-single-xor
======
tialaramex
Note that in practice fancy frequency analysis is usually overkill, and may
even lead you astray against texts that don't match your assumptions. A cheesy
match against ASCII alphanumerics plus space is both simple and often
effective.

~~~
saagarjha
For XOR you only need one letter to match to figure out the rest, and any
reasonable-length plaintext that isn’t just padded with Qs or something is
extremely likely to have E be the most common letter. So in this case it’s not
a bad idea; in slightly more complicated scenarios (such as a substitution
cipher) frequency analysis generally loses its accuracy past a couple letters.

~~~
tptacek
The most frequent character in normal plaintext is not in fact 'e'.
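
[Added example, not part of any comment in this thread or of the linked post.] The sketch below runs the two approaches discussed above against a constructed ciphertext: scoring all 256 keys by ASCII alphanumerics plus space, and deriving the key from an assumed most-common plaintext byte. The function names, sample text and key are assumptions made for illustration.

```python
import string
from collections import Counter

# Scoring set from the first comment: ASCII alphanumerics plus space.
ALLOWED = frozenset((string.ascii_letters + string.digits + " ").encode())

def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte of data with the same one-byte key."""
    return bytes(b ^ key for b in data)

def score(candidate: bytes) -> int:
    """Count bytes that are ASCII alphanumerics or space."""
    return sum(b in ALLOWED for b in candidate)

def crack_by_score(ciphertext: bytes) -> tuple[int, bytes]:
    """Try all 256 keys and keep the one whose output scores highest."""
    key = max(range(256), key=lambda k: score(xor_bytes(ciphertext, k)))
    return key, xor_bytes(ciphertext, key)

def key_from_most_common(ciphertext: bytes, assumed: bytes) -> int:
    """Derive the key by assuming which plaintext byte is most frequent."""
    top_byte, _ = Counter(ciphertext).most_common(1)[0]
    return top_byte ^ assumed[0]

# Constructed sample: lowercase English with spaces, key chosen arbitrarily.
SAMPLE_KEY = 0x5A
SAMPLE_PLAINTEXT = (b"the quick brown fox jumps over the lazy dog "
                    b"and then rests near the old tree")
SAMPLE_CIPHERTEXT = xor_bytes(SAMPLE_PLAINTEXT, SAMPLE_KEY)

if __name__ == "__main__":
    key, text = crack_by_score(SAMPLE_CIPHERTEXT)
    print(f"score search: key=0x{key:02x} text={text!r}")
    # Compare the two "most common byte" assumptions on the same input.
    for guess in (b"e", b" "):
        k = key_from_most_common(SAMPLE_CIPHERTEXT, guess)
        print(f"assume {guess!r} most common: key=0x{k:02x} "
              f"text={xor_bytes(SAMPLE_CIPHERTEXT, k)!r}")
```

In this sample the space byte occurs 15 times and 'e' 9 times, so only the space assumption recovers the key; a ciphertext without word separators would behave differently.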

------
dang
Please don't use fake accounts to upvote things. You risk getting banned.

[https://news.ycombinator.com/newsguidelines.html](https://news.ycombinator.com/newsguidelines.html)

[https://news.ycombinator.com/newsfaq.html](https://news.ycombinator.com/newsfaq.html)

~~~
eganist
Out of curiosity, is this message an automated one that triggers e.g. on IP
matches across multiple upvotes, or did you post this one manually?

~~~
dang
I always post manually. Automated posts aren't in the spirit of the site. If
we ever did add them, we'd use a different username.

It probably wouldn't make sense to automate anti-abuse-related posts, though,
since then people would have a new vector through which to game them.

------
rsecora
My first contact with substitution cyphers and frequency analysis was at 11,
reading the Gold Bug from Edgar Allan Poe.

I have fond memories of that time, writing and decoding messages with school
friends.

I have always assumed that a lot of people's first contact with cryptography was
that short story.

~~~
Y_Y
I had a similar experience but with Sir Arthur Conan Doyle and Sherlock
Holmes.

[https://en.wikipedia.org/wiki/The_Adventure_of_the_Dancing_M...](https://en.wikipedia.org/wiki/The_Adventure_of_the_Dancing_Men)

------
cafard
WordPerfect through 5.1 used XOR encryption. With 5.1, as I recall, you had a
dozen or so known bytes early on--nulls or spaces, I forget--so it was trivial
to get any password of a dozen or fewer characters. With 4.2 it was simpler to
build a lookup table of the keys--the key was formed by XORing the characters
of the password with a logical shift after each character.

I believe that Sendero Luminoso made the mistake of trusting to WordPerfect's
encryption, and suffered for that after one or more of its computers were
seized in a raid.

------
SloopJon
Here are a couple of submissions on the cryptopals challenges:

[https://news.ycombinator.com/item?id=8166064](https://news.ycombinator.com/item?id=8166064)

[https://news.ycombinator.com/item?id=12720009](https://news.ycombinator.com/item?id=12720009)

One comment in the first discussion is from a user stuck on the problem
discussed in this blog post.

------
acjohnson55
When I was in high school, I wrote my own encryption algorithm which used a
"hard to guess" function to generate bytes to XOR against a plaintext from a
given key. I'm sure it had glaring vulnerabilities to cryptanalysis, but I
knew enough about frequency analysis to avoid doing a simple substitution
cipher. I won a gold medal in a com sci contest for high schoolers with the
project. Fun times!

------
bzb3
There's a utility I like, XORSearch

