Home arrow Security arrow A Sequel to Cryptography

A Sequel to Cryptography

This is the second part of a series covering cryptography algorithms. If by any chance you have missed its first part, I urge you to check it out right now. It is called "An Introduction to Cryptography." In order to understand this article, it is crucial to grasp the concepts explained in that part.

  1. A Sequel to Cryptography
  2. Using XOR on an Example
  3. Breaking XOR Encryption
  4. Conclusions
By: Barzan "Tony" Antal
Rating: starstarstarstarstar / 7
July 24, 2007

print this article



I have promised that in this article I will continue showing you real-world encryption algorithms and more specifically that we are going to XOR. Throughout this part we will find out what exactly is XOR, how to implement it into an encryption algorithm, and ultimately a few techniques for breaking XOR-based encryptions. Does that sound provocative?

Let's move on to the serious stuff. We have algorithms to understand and code, so there's definitely no time to waste. Grab your coffee or energy drink, and let's have fun!

All About XOR

Before we move on, allow me to give you a warning: Keep in mind that the encryption algorithm described in this article is solely for educational purposes. You should not rely on it for top-priority files and/or data. However, the author guarantees that the algorithms presented in this article will not do any harm to your computer- they do not contain any virus, Trojan, worm, spy-ware, mal-ware, or anything that's malicious. Thanks for your time; now we can carry on.

The abbreviation XOR stands for eXclusive OR. It's basically a logical operation; check out its truth-table below. It is true if and only if only one of the operands is true.

Operand p

Operand q

Result p≠q

0 - F

0 - F

0 - F

0 - F

1 - T

1 - T

1 - T

0 - F

1 - T

1 - T

1 - T

0 - F

So let's memorize the definition of XOR: "either of the two, but not both."

"Why is this important to us?" you ask. It is because the XOR algorithm is based on this logical operation. Let me explain. In our algorithm we will proceed through the content of our file and apply the XOR algorithm to each and every byte. When we encrypt we do the following: XOR the plaintext (source file) with the given password. When we decrypt, we XOR the ciphertext (encrypted file) with the given password.

It is crucial to point out that the XOR process is the same for both encryption and decryption. Because we "flip" the bits or bytes on each step we can "deflip" them using the same scheme once again. There are a multitude of variations of XOR.

The following lines represent the heart of our XOR algorithm:

while ((s.read((char*)&c, sizeof(c))))


       if (key[i]=='')


       c=key[i] ^ c;

       d.write((char*)&c, sizeof(c));



Variables: "s" is source; "d" is destination; "c" represents the character that we are going to XOR; "key" stands for the password key. Keep in mind that the key doesn't equal the user-specified key. It goes through the following process to make it acceptable for our XORing algorithm:

for (int i=0; i<255; i++)


scanf("%s",key); int temp=0;

for (i=0;i<255;i++)

{  if (key[i]=='') break;



   strcpy(key_backup, key);

   for (i=temp; i>=0; i--)

       key[temp-i]=key[temp-i] & (~key_backup[i]);

Variables: "key" is the password specified by the user; "key_backup" is the backup of the original "key" string. This process is required to make the password ready to run.

Basically we fill the "key" string with "§" characters before loading the password. Due to this the password gets stored starting from the beginning of the key string and the rest of the 255 positions remain filled with that special character. After this, we apply the following formula to each of characters of the key:

key[temp-i]=key[temp-i] & (~key_backup[i])

Note: The "~" operator stands for the complement of the given value. To specify the complement of a value the computer does the following: it changes all of the 1s to 0s and all of the 0s to 1s from the stored binary address of the aforementioned value. For example: 01111101's complement is 10000010. In the above formula "i" is the start expression of a "for" loop that starts from the length of the key and gets decremented by one until reaches its beginning (zero).

>>> More Security Articles          >>> More By Barzan "Tony" Antal

blog comments powered by Disqus
escort Bursa Bursa escort Antalya eskort


- Secure Your Business for Data Privacy Day
- Google Testing Security Fob Password Alterna...
- Security News Highlights Concerns
- Going to Extremes for Data Security
- Skipfish Website Vulnerability Scanner
- Critical Microsoft Visual Studio Security Pa...
- US Faces Tech Security Expert Deficit
- LAN Reconnaissance
- An Epilogue to Cryptography
- A Sequel to Cryptography
- An Introduction to Cryptography
- Security Overview
- Network Security Assessment
- Firewalls
- What’s behind the curtain? Part II

Developer Shed Affiliates


Dev Shed Tutorial Topics: