Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Here is a C implementation I just banged together. http://www.quelsolaar.com/crypto_test.c (yet another possible source of embarrassment)

Ill try to put together a "test" for the algorithm.



Your key is based on an insecure RNG. It's trivial to reconstruct the seed and thereby recover the key.

Your key isn't random. It's the same every time.

This example also isn't communicating any secrets, so it's not really cryptography.


I think that the author is more interested in the design of the encryption algorithm rather than the specifics of the reference implementation provided. So yeah a dodgy prng was used but is there anything wrong otherwise - i.e. something inside the algorithm itself that reduces its efficacy and makes it vulnerable.


Well, if they would provide an actual implementation rather than a reference implementation, then I would break it. Breaking cryptography often depends on breaking implementations, not breaking the underlying theory. That's why AES-CTR is theoretically secure but so deviously hard to actually implement.


I note in the comments that the random number generator is not secure in any way. Its just a handy thing for testing, not something you would use in real life.


Ok, well, if you ever actually implement your theory, then I would love to break it for you. Shoot me an email (sillysaurus2 at gmail) if you ever do.


I like the idea of mutating both the output and the key. You are using it for a single pass over the length of the data. You could use the final key as input to another round of crypto. Repeating it for a number of rounds would keep it deterministic, but increase the computational load of an attacker and create an even distribution of input to output. Ah, problem could be that decryption would need the final key, not the one you started with, if so it would be good for a 1-time hash. So the key idea for the crypto is the nuking of the part of the key that was just used for the xor. Thing that concerns me is if the attacker has access to your crypto in binary form, he could run it again and again on different inputs (data,key) to infer its structure - you'd want to slow him down.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: