Slashdot Mirror

← Back to Stories (view on slashdot.org)

Popular Android Package Uses Just XOR -- and That's Not the Worst Part

Posted by timothy on Sunday April 5, 2015 @12:43PM from the ightray-onyay-ethay-urfacesay dept.

siddesu writes A popular "encryption" package for Android that even charges a yearly subscription fee of $8 actually does nothing more than give a false sense of security to its users. Not only is the app using a worthless encryption method, it also uses weak keys and "encrypts" only a small portion of the files. One wonders how much snake oil flows through the app stores, from "battery savers" to "antivirus." What is the most worthless app purchase you made? Did you ask for a refund?

3 of 277 comments (clear)

Min score:

Reason:

Sort:

XOR encyption is uncrackable as long as... by pcritter · 2015-04-05 13:08 · Score: 5, Informative

There's nothing wrong with XOR for encryption as long as your key size is >= plain text size. In fact it's uncrackable!
1. Re:XOR encyption is uncrackable as long as... by Anonymous Coward · 2015-04-05 13:18 · Score: 5, Informative
  
  And you NEVER reuse that key.
"XOR"? WTF? This thing is a "Vigenère cipher" by gweihir · 2015-04-05 16:58 · Score: 5, Informative

You could at least have some minimal accuracy in the stories. XOR is not a problem and perfectly secure if used with a secure key-stream, like is done in modern stream ciphers. The problem here is that this is a "Vigenère cipher", where a very short, repeating key-stream is used. It was designed in 1553 and a general break was published in 1863.

--
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.