Jano Svitok
10/28/2006 8:46:00 PM
On 10/28/06, Josef 'Jupp' Schugt <jupp@gmx.de> wrote:
> dc wrote:
> > I need to encode some data with a userID and then also be able to
> > decode it with the same key.
> > This is basically a quick approach to obfuscate URLs. Its for an
> > environment where we know the users ID with some degree of
> > certainty.
>
> Simple obfuscation can be done by XORing a keyword. On a binary layer
> this works as follows:
>
> Calling Key K, Original messages O, transmitted Message T here's a
> binary example:
>
> K = 1010
> V = 1001010111101001
>
> 1001010111101001
> 1010101010101010
> 0011111101000011
>
> T = 0011111101000011
>
> In this particular encoding is not secure because K is not random and
> much shorter than V. In contrast to false rumors XOR coding is not
> inherently insecure. Quite the opposite is true: When K is perfectly
> random and at least as long as V the coding is the only one known to
> mankind that can be mathematically proved to be unbreakable.
> According to certain sources the XOR encoding with perfectly random K
> is used for the launch command for nuclear SMBs (submarine based
> missiles). That may be an uran legend. A fact is that many programs
> that allow you to password-encode a file actually XOR the file's
> content with the Password. Which means that a more random and longer
> passwords results in a more secure encoding.
>
> ?????
>
> Jupp
I'd say: if obfuscation is enough, do base64encode.reverse and if not,
use AES from OpenSSL