Waiting for the cracker!

[VBDT]

Hi guys,
Since this forum is for all kinds of tasting I like to test this code before I post it in the code Bank. The code is in VB.Net and it has two functions Encrypt and Decrypt. I like to here your opinions about it and also if this code is good enough to encrypt a string expression that will be hard enough to crack down or not. In my opinion the encryption is pretty good. Basically, it xors the expression character with the key character at the time. Note it doesn’t xor the expression characters with the same key character but every time with deferent one. Since it does not have the same pattern with every char it makes encryption secure. For example: string “word” with the key “s2y” will be encrypted this way: letter ‘w’ will be xored with s,2,y, letter ‘o’ will be xored with s,2, letter ‘r’ will be xored with s, and letter ‘d’ will be xored with s,2,y. In addition it might have null characters as well so the text editors will not even show the text after the null char. And also to break the key is very difficult because the key can be any character including Unicode. Thus a key which has seven characters should be checked against 84,431,259,000 different combinations with only 126 ASCII characters. I can’t even imagine what would be the number with 254 or Unicode ASCII characters.

VB Code:

'Author: Arman G.
'Created date: 10/04/2006
Public Class ARGHendeCrypt
    ''' <summary>
    ''' Encrypts a string expression (Unicode also) and returns the encrypted string.
    ''' </summary>
    ''' <param name="_string">A string expression that will be encrypted.</param>
    ''' <param name="key">A string key for encryption.</param>
    Public Function Encrypt(ByVal _string As String, ByVal key As String) As String
        Dim encryptString As String = ""
        Dim i, i1, ascii As Integer
 
        If _string <> "" AndAlso key <> "" Then
            i1 = key.Length - 1
            For Each ch As Char In _string
                While i <= i1
                    ascii = AscW(ch) Xor AscW(key.Substring(i))
                    ch = ChrW(ascii)
                    i += 1
                End While
                i = 0
                i1 -= 1
                If i1 < 0 Then
                    i1 = key.Length - 1
                End If
                encryptString &= ChrW(ascii)
            Next
        End If
        Return encryptString
    End Function
 
    ''' <summary>
    ''' Decrypts an encrypted string expression (Unicode also) and returns the decrypted string.
    ''' </summary>
    ''' <param name="_string">An encrypted string that will be decrypted.</param>
    ''' <param name="key">A string key for decryption.</param>
    Public Function Decrypt(ByVal _string As String, ByVal key As String) As String
        Dim decryptString As String = ""
        Dim i, i1, ascii As Integer
 
        If _string <> "" AndAlso key <> "" Then
            For Each ch As Char In _string
                i = key.Length - 1
                While i - i1 >= 0
                    ascii = AscW(ch) Xor AscW(key.Substring(i - i1))
                    ch = ChrW(ascii)
                    i -= 1
                End While
                i1 += 1
                If i1 > key.Length - 1 Then
                    i1 = 0
                End If
                decryptString &= ChrW(ascii)
            Next
        End If
        Return decryptString
    End Function
End Class

[Negative0]

XOR encryption like this is not very secure.

Think about it like this:

You say that W is XoRed with S,2,y, which makes it more secure, but
W XOR S XOR 2 XOR Y is no more secure than W XOR 8, because

Code:

W = 87 = 1010111
S = 83 = 1010011
2 = 50 = 0110010
Y = 89 = 1011001
------------------

If we XOR all of those together, we get 1101111

Code:

W = 87 = 1010111
8 = 56 = 111000
-----------------

If we XOR these two together, we get 1101111

W XOR S XOR 2 XOR Y = W XOR (S XOR 2 XOR Y), so to crack it instead of figuring out S,2, and Y, a cracker would have to only figure out the final value of S XOR 2 XOR Y which is 8 and XOR that with W.

Building an application to hack this encryption would be pretty easy, especially if I know that the encrypted value was originally text. I could simply build an algorithm to XOR all values (1 to 256) with the first character. I could then narrow down which are likely choices (i.e. the XoR returns something in the clear text range). I then do that for each subsequent character. I will eventually have a small alphabet for each character to try, and that will result is much fewer permutations that I need to brute force.

Also, since your input string and encrypted string are XORs they have the same number of characters. So I know the exact size of your input string, which can help me determine if I am on the right track.

Finally, if I used this to encrypt text and I used the same key on two different text inputs and they started out the same (i.e. two sentences starting with the word "the"), the first four characters would be encrypted the exact same way.

My suggestion to you, if you want something to go into the code bank would be to utilize some of the built in cryptography methods in the .net environment. They are located in the system.Security.Cryptography class.

[VBDT]

Thanks Negative0 you are absolutely right, it can be cracked very easily. Thanks for your input!