Public-key XOR Encryption?

Maybe a lateral solution.... based on steganography rather than cryptography.

A is a VB programmer (which he must be if he is designing XOR encryption). Makes a game / some other app such as an address book chat program, etc. Sends application to B. The application opens up and asks user for their name, as many/most applications do.

On entering A as a username, up comes the XOR code and extra documentation.

The chances of X entering A's name either on purpose or by accident is small to insignificant unless X and A share the same name, making this approach workable in just about all circumstances.

;) :cool: :) :p :D

I’m not convinced. If you take this thread to be X and I post a message here to HaxSoft saying ‘Try this, I think you’ll find it very INTERESTING’ then I think X may spot the message. Also, if soon after this post HaxSoft starts sending encrypted looking files X’s assumption has to be that a key has recently changed hands and would guess where to look. I also have no idea what name HaxSoft may use to log-on to my program and of course any prompting I give has to come over this thread so will be visible to X.

Starman you said:

Quote:

---

If you take this thread To be X And I post a message here To HaxSoft saying ‘Try this, I think you’ll find it very INTERESTING’ Then I think X may spot the message.

---

Well no one said anything other than sending the application to B. Let's say there was no covering note other than 'Please try out my new application'.

Quote:

---

Also, if soon after this post HaxSoft starts sending encrypted looking files X’s assumption has to be that a key has recently changed hands and would guess where to look.

---

Depends on the instructions delivered with the code. The instructions could detail that the encryption not start form x months/years from the date the application is recieved and in the mean time A and B communicate frequently with each other including sending other software to each other. This further removes the likelyhood of X ever finding out the which mail contained the code let alone trying to work out how to access the code.

The approach I have offered is not infallible, but then again show me any sort of encryption/steganography that is. It does however offer a plausible approach given very difficult constraints.

HaxSoft, Your March 7th Smiley has gone, but I copied it.

Did anyone else take a copy or do we have a key?

Nucleus,
Something you said reminded me about the smiley. As you say it's not infallible but now the smiley has gone, a key is available to anyone who took a copy - unfortunately X who may have a copy is unlikely to admit it and will be able to decipher any messages.

X has key, but it is disguised and unrecognisable as key to X, so code is safe.

All the avatars have gone, is it just me or has the site dropped them?

The answer to the problem is to use a different method of decryption then you use for encryption. For example, Here is "Hello" encrypted:
"200000717I1015X197Y197S92UH717e1015l197l197o92". Try and decode it. It uses xor encryption, and it IS reversible. look below for the answer:



























































The method to decode it is really simple. The first several numbers before the "0000" is the length of the string after encryption. you go through that string, up to that length, following the "0000", and remove all letters. You are then left with a series of numbers, followed by some letters with numbers in between. for instance, you have "H", followed by "717". Replace all "717"s with "H"s, in the encrypted string (theres only one in this example). Repeat that with all of the letter-number combinations. I wrote it so that the xor value is random * (random * 1200). This is easily expandable, but the way to solve this problem is to provide the decryption method inside the encrypted string, in such a way that no one knows its actually there (except B =). Just for example purposes, comment, please =).

Z.

How do you tell B how to decrypt it without X knowing? This is the problem.

Hotmail =).

Z.

Hi guys!

I read your opinions and points of that "absolute secure" connection and I had an idea.

Maybe it's only a stupid thought...

I remembered when I was a child, we kids often wanted to talk together in a way that the grown ups didn't understand what we are saying.

There were 2 ways to do that:

1. We figured out a secret language before and then we could talk. (But if someone watched us - he knew what we were saying)

2. We tried to communicate in a way, so that the other party could nearly imagine what the first one was saying and if it was correct, we applied....

There must be also a way for computers to do that.

In order for this to work, A and B must be able to talk toeach other confidentially. Hotmail is a good idea :) If both parties have the algorithm, and X doesnt, then X cant do anything with it. If the encryption with Xor is strong enough, the encryption should be secure. Those simple examples of xor encryption are very simple indeed.

Here's an easy solution:

Instead of the password, use a digital certificate.