Slashdot Mirror


Popular Android Package Uses Just XOR -- and That's Not the Worst Part

siddesu writes A popular "encryption" package for Android that even charges a yearly subscription fee of $8 actually does nothing more than give a false sense of security to its users. Not only is the app using a worthless encryption method, it also uses weak keys and "encrypts" only a small portion of the files. One wonders how much snake oil flows through the app stores, from "battery savers" to "antivirus." What is the most worthless app purchase you made? Did you ask for a refund?

7 of 277 comments

  1. XOR encryption is uncrackable as long as... by pcritter · Score: 5, Informative

    There's nothing wrong with XOR for encryption as long as your key size is >= plain text size. In fact it's uncrackable!

    1. Re:XOR encryption is uncrackable as long as... by Anonymous Coward · Score: 5, Informative

      And you NEVER reuse that key.

    2. Re:XOR encryption is uncrackable as long as... by meloneg · Score: 4, Informative

      And it's generated from a quality source of entropy.

    3. Re:XOR encryption is uncrackable as long as... by gman003 · Score: 4, Informative

      And the key remains private.

  2. Re:The big advantage of XOR by ShakaUVM · Score: 4, Informative

    In fact, it's unbreakable if you do it right. (http://en.wikipedia.org/wiki/One-time_pad)

    I'm disappointed that the person who submitted the story said "Just XOR".

  3. Re:Web sites by macklin01 · Score: 4, Informative

    Here's the TRUSTe info:

    http://privacy.truste.com/privacy-seal/NQ-Mobile-US-Inc-/validation?rid=e0f97027-af9a-4b8a-91b5-2a33c58a520a

    It only seems to cover security/privacy of their ecommerce site. So, their shopping cart may be secure, but it says nothing about app security as they seem to imply in their press releases, etc.

    --
    OpenSource.MathCancer.org: open source comp bio
  4. "XOR"? WTF? This thing is a "Vigenère cipher" by gweihir · Score: 5, Informative

    You could at least have some minimal accuracy in the stories. XOR is not a problem and perfectly secure if used with a secure key-stream, like is done in modern stream ciphers. The problem here is that this is a "Vigenère cipher", where a very short, repeating key-stream is used. It was designed in 1553 and a general break was published in 1863.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
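An added example, not part of any comment above or of the app under discussion: it contrasts the two uses of XOR the thread distinguishes, a short repeating key-stream and a one-time pad, by checking what a known file header gives away in each case. The 4-byte key, the message body and all function names are constructed for illustration; the 16-byte prefix is the standard PNG signature plus IHDR chunk header.

```python
import secrets
from itertools import cycle

def xor_bytes(data: bytes, keystream) -> bytes:
    """XOR data with a keystream (any iterable of ints), stopping at the shorter."""
    return bytes(d ^ k for d, k in zip(data, keystream))

def repeating_key_xor(data: bytes, key: bytes) -> bytes:
    """Vigenere-style scheme: a short key cycled over the whole message."""
    return xor_bytes(data, cycle(key))

def one_time_pad(data: bytes):
    """Fresh random pad as long as the message; returns (ciphertext, pad)."""
    pad = secrets.token_bytes(len(data))
    return xor_bytes(data, pad), pad

def smallest_period(stream: bytes) -> int:
    """Smallest p such that stream repeats with period p (len(stream) if none)."""
    for p in range(1, len(stream)):
        if all(stream[i] == stream[i - p] for i in range(p, len(stream))):
            return p
    return len(stream)

def recover_with_known_prefix(ciphertext: bytes, known_prefix: bytes):
    """Return the full plaintext if the keystream exposed by a known prefix
    visibly repeats (at least two full periods seen), otherwise None."""
    exposed = xor_bytes(ciphertext, known_prefix)
    period = smallest_period(exposed)
    if period * 2 > len(exposed):
        return None  # no repetition seen: exposed bytes say nothing about the rest
    return repeating_key_xor(ciphertext, exposed[:period])

# Constructed sample: the fixed 16 bytes that open every PNG file, plus a made-up body.
PNG_PREFIX = b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR"
PLAINTEXT = PNG_PREFIX + b" constructed stand-in for private image data"
WEAK_KEY = b"\x13\x37\xc0\xde"  # constructed 4-byte key

weak_ct = repeating_key_xor(PLAINTEXT, WEAK_KEY)
otp_ct, otp_pad = one_time_pad(PLAINTEXT)

if __name__ == "__main__":
    print("repeating key:", recover_with_known_prefix(weak_ct, PNG_PREFIX))
    print("one-time pad :", recover_with_known_prefix(otp_ct, PNG_PREFIX))
    print("pad decrypts :", xor_bytes(otp_ct, otp_pad) == PLAINTEXT)
```

The same XOR operation is used in both paths; only the key-stream differs, which is the distinction the comments draw between "just XOR" and a Vigenère-style repeating key.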