Slashdot Mirror


Popular Android Package Uses Just XOR -- and That's Not the Worst Part

siddesu writes A popular "encryption" package for Android that even charges a yearly subscription fee of $8 actually does nothing more than give a false sense of security to its users. Not only is the app using a worthless encryption method, it also uses weak keys and "encrypts" only a small portion of the files. One wonders how much snake oil flows through the app stores, from "battery savers" to "antivirus." What is the most worthless app purchase you made? Did you ask for a refund?

29 of 277 comments

  1. Web sites by danbob999 · · Score: 5, Insightful

    CTIA - "The Best App of CTIA by the Techlicious 2012 Best of CTIA Awards"
    PC Magazine - "PC Magazine Best Apps"
    TRUSTe - Received "TRUSTe Privacy Seal"
    Global Mobile Internet Conference App Space - "A top 50 app"

    Thanks, I will take a note to never trust these web site reviews.

    1. Re:Web sites by Darinbob · · Score: 4, Insightful

      People will gladly give good reviews to things they haven't even tried out yet. And even if they tried it they probably have no clue how to validate its effectiveness. It's the yelp effect, let someone give a review and they'll jump on board and proclaim "best broccoli beef ever".

    2. Re:Web sites by ShanghaiBill · · Score: 4, Funny

      People will gladly give good reviews to things they haven't even tried out yet.

      Tornado App has good reviews.

    3. Re:Web sites by pushing-robot · · Score: 3, Informative

      http://www.techlicious.com/gui...

      http://gmic2012.greatwallclub.... (I imagine NQ Mobile's Vault is the 'Vault' listed, NQ published a press release about it)

      I can't find a free copy of PC Magazine's 2012 best apps, but given the others I have little reason to doubt it. The average reviewer has nary a clue about cryptography, and from an end user standpoint, the app seems well made and has several clever features. It would be easy to assume the app lives up to its claims.

      Mind you, it still seems a useful app just for its ability to hide content from casual snoops (the app can even hide its presence on the device), though it is quite overpriced and likely to disappear after this entirely deserved PR disaster.

      --
      How can I believe you when you tell me what I don't want to hear?

    4. Re:Web sites by macklin01 · · Score: 4, Informative

      Here's the TRUSTe info:

      http://privacy.truste.com/privacy-seal/NQ-Mobile-US-Inc-/validation?rid=e0f97027-af9a-4b8a-91b5-2a33c58a520a

      It only seems to cover security/privacy of their ecommerce site. So, their shopping cart may be secure, but it says nothing about app security as they seem to imply in their press releases, etc.

      --
      OpenSource.MathCancer.org: open source comp bio

    5. Re:Web sites by AmiMoJo · · Score: 5, Interesting

      Maybe they read the actual description of the app. The only thing it claims to encrypt is text messages, which TFA doesn't bother to check. The description doesn't claim to encrypt files, so unless it has been changed since the article was written it seems to be making stuff up to complain about.

      The app hides files on your device. It does that by using a simple XOR cypher to encrypt the header of files and make them invisible to apps like the Gallery that look for files with valid JPEG/PNG/GIF headers. It works perfectly, the XOR cypher has the desired effect. Obviously it won't stop forensic examination from finding and decrypting the files, but it doesn't claim to. It's an app designed to hide your nude selfies and dick pics, not stop the NSA/GCHQ dataraping your phone.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC

    6. Re:Web sites by p.g.king · · Score: 3, Informative

      http://www.nq.com/vault- scroll down a bit under "NQ Mobile Vault Features." subsection "Photos & Videos" - "They’ll be encrypted..."

      I'd say that was a claim that it'll encrypt them.

    7. Re:Web sites by nukenerd · · Score: 3, Funny

      Indeed. As my wife doesn't know what an xor gate is, it's good enough for me.

  2. XOR is useless by ArcadeMan · · Score: 4, Funny

    Unless it's used with ROT13.

    1. Re:XOR is useless by Jane+Q.+Public · · Score: 3, Insightful

      XOR is much much faster than your run-of-the-mill encryption algorithm.

      OP and TFA are very misleading. XOR is not a "worthless" encryption method in itself... it all depends on how it is used.

      For example, if used with a good quality key in a one-time pad, it is one of the few encryption methods that is even theoretically unbreakable.

      But it does require a well-constructed key, and as with any one-time-pad scheme, key management is everything.

    2. Re:XOR is useless by TapeCutter · · Score: 4, Funny

      Must be good, it has ubiquitous hardware support. ;)

      --
      And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.

  3. Re:The big advantage of XOR by MichaelSmith · · Score: 4, Funny

    Also it's implemented directly in the CPU, so both encryption and decryption are very fast.

  4. ROT13 by Trax3001BBS · · Score: 4, Interesting

    I mentioned to the subscription that Microsoft used Rot13 to "encrypt" some registry entries in version W2K (I think that was the version).

    After reading about XOR, ROT13 would be just about as good.

    Not familiar with ROT13? = Abg snzvyvne jvgu EBG13?

  5. XOR encryption is uncrackable as long as... by pcritter · · Score: 5, Informative

    There's nothing wrong with XOR for encryption as long as your key size is >= plain text size. In fact it's uncrackable!

    1. Re:XOR encryption is uncrackable as long as... by Anonymous Coward · · Score: 5, Informative

      And you NEVER reuse that key.

    2. Re:XOR encryption is uncrackable as long as... by meloneg · · Score: 4, Informative

      And it's generated from a quality source of entropy.

    3. Re:XOR encryption is uncrackable as long as... by gman003 · · Score: 4, Informative

      And the key remains private.

  6. Re:The big advantage of XOR by hcs_$reboot · · Score: 4, Insightful

    If the key is as long as the message, XOR is not that weak.

    --
    Slashdot, fix the reply notifications... You won't get away with it...

  7. Re:questions answered below by Shakrai · · Score: 3, Informative

    I experimented with my old flip phone for a few days just to see if I could really go back and discovered that I found myself missing basic smartphone functionality, like threaded SMS conversations. It took all of five minutes for that to annoy the piss out of me. Then there's the smartphone functionality that has become a key part of my daily routine, like my exercise diary, the Wegmans app, my food diary, Google Maps, weather, and so forth. These are all apps that have value for productivity and/or health, not time sinks like Facebook or Angry Birds. They're worth the $30/mo premium, IMHO anyway.

    --
    I want peace on earth and goodwill toward man.
    We are the United States Government! We don't do that sort of thing.

  8. DMCA by martin-boundary · · Score: 5, Funny

    I think Slashdot should take down this article. Under the DMCA it's illegal to bypass flimsy methods intended to enforce security.

    1. Re:DMCA by swillden · · Score: 3, Informative

      I think Slashdot should take down this article. Under the DMCA it's illegal to bypass flimsy methods intended to enforce security.

      To be precise, it's illegal to bypass flimsy methods intended to enforce copyright. Since this tool isn't marketed as a DRM system, the DMCA doesn't apply.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.

  9. Re:The big advantage of XOR by ShakaUVM · · Score: 4, Informative

    In fact, it's unbreakable if you do it right. (http://en.wikipedia.org/wiki/One-time_pad)

    I'm disappointed that the person who submitted the story said "Just XOR".

  10. Re:questions answered below by nadaou · · Score: 3, Informative

    F-Droid is a true friend. And that's a rare thing in these circles.

    --
    ~.~
    I'm a peripheral visionary.

  11. Re:questions answered below by squiggleslash · · Score: 4, Interesting

    Same here, kinda. I ended up sticking with the flip phone because I just found the issues I had with using Android devices as telephones bad enough for me to stick with it, but yeah, there's a lot of basic stuff you miss, that you kinda wonder why no efforts have been made to update flip phones to have at least some of the functionality of their power-sucking overloaded not-quite-optimal-for-phone-calls-UI-encumbered cousins.

    Would it really be a problem adding Wifi support, with things like the ability to sync contacts and other PIM stuff add that much to the costs of devices?

    Many things you mention are better done by a dedicated tablet device, but it's a shame that I have to make the choice between a shitty phone that's integrated with the rest of the world, and a good useful phone that I have to manually copy phone numbers to and from or else find awkward Bluetooth applications that never quite work correctly to update.

    --
    You are not alone. This is not normal. None of this is normal.

  12. Re:questions answered below by Grishnakh · · Score: 3, Informative

    Have fun living in the past.

    Here's the reasons my smartphone is extremely valuable to me:
    1) Mobile internet access / WiFi hotspot: I can use my phone to give my laptop internet access anywhere there's cellular data service available.
    2) Camera: it's not as good as a dedicated camera, but it's better than no camera at all, and is really handy for taking quick photos of things if image quality isn't paramount. Also can take reasonably good videos. You never know when you'll need to film the cops beating someone.
    3) Email access: While definitely not as powerful as reading it and typing on my laptop, it's handy to be able to check my email on-the-go.
    4) Voice mail: With Google Voice, I can see a transcript of people's rambling voicemail messages. I can read them in seconds, instead of having to waste time listening to them drone on and on.
    5) Games: I like doing crosswords when I'm stuck somewhere and bored and have nothing better to do. The "Shortyz" app is brilliant for this.
    6) Weather: My phone tells me what the temperature in my zipcode is, and can easily bring up further weather info. It's nice knowing what the high and low will be without having to watch the weather report on TV like in the bad old days, or having to get to a computer to look on a weather website.
    7) Google Maps: I use this for navigation all the time. I really don't know how I ever got along without it; oh yeah, I do know, it was horrible, as I had to mess around with paper maps, stopping and asking for directions, making wrong turns, getting lost, etc. Maybe if you never leave your little town or go anywhere new, you won't see the point of this, but for those of us who travel a lot and move frequently it's a godsend. It's also amazingly useful for finding businesses, looking up their phone numbers, seeing their hours at a glance, etc.
    8) Texting: For close friends this is pretty handy for staying in touch at times, though I don't use it that much. Smartphones make this better with an actual (on-screen) keyboard, instead of the shitty dumbphone method of using the 0-9 keypad to try to type messages.
    9) Playing music (like a "walkman" if you remember those): I can store my entire music collection in my phone and play anything I want through headphones, like when I'm at the gym. No need for a separate iPod. You can also use internet music services like Pandora.
    10) Alarm clock: I not only don't need a separate alarm clock, I can set multiple alarms for all kinds of different events. It also has a stopwatch and a countdown timer.
    11) Calculator: With the "RealCalc" app, I have an on-screen calculator that looks and works a lot like my old HP-48G RPN calculator.
    12) Flashlight: It's handy to have a flashlight on hand sometimes.
    13) Uber/Lyft: With these apps, you can call up a ride easily, see where the car is, and pay for it all with your phone and without having to mess around with calling for a cab and talking to people.

    If you don't see the need for a smartphone, you probably live an extremely simple life consisting mostly of sitting in a rocking chair on your porch and watching the world go by all day long. For those of us who aren't retired and idle, it's an enormous convenience.

  13. Re:The big advantage of XOR by swillden · · Score: 5, Interesting

    If the key is as long as the message, XOR is not that weak.

    As long as the key is as long as the message, and all of the key is unpredictable, and is never reused, then you have a provably unbreakable encryption system called a one-time pad. However, if you ever reuse the key someone can XOR the two ciphertexts together and the result will be the XOR of the two plaintexts, which can often be disentangled. Also, if the key is somewhat predictable, plaintext can be recovered. The US actually managed to decrypt some texts encrypted with a Russian one-time pad system, because the keys were produced by humans pounding "randomly" on typewriters... except humans aren't very good at generating random keystreams.

    --
    Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.

  14. Comment removed by account_deleted · · Score: 4, Funny

    Comment removed based on user account deletion

  15. Re:The big advantage of XOR by Beryllium+Sphere(tm) · · Score: 5, Funny

    And what data structure do you have lying around at encryption time that's as long as the plaintext?

    That's right, the plaintext. Use that as your one time pad. It saves you the headache of generating high-quality randomness if you just XOR the plaintext with itself.

    The resulting ciphertext is not only theoretically unbreakable without the key, it is also highly compressible for economical transmission.

  16. "XOR"? WTF? This thing is a "Vigenère cipher" by gweihir · · Score: 5, Informative

    You could at least have some minimal accuracy in the stories. XOR is not a problem and perfectly secure if used with a secure key-stream, as is done in modern stream ciphers. The problem here is that this is a "Vigenère cipher", where a very short, repeating key-stream is used. It was designed in 1553 and a general break was published in 1863.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
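The three points the XOR subthreads make (pcritter's, meloneg's and gman003's conditions for a one-time pad, swillden's observation that reusing a pad leaks the XOR of the two plaintexts, and gweihir's point that a short repeating key is a Vigenère cipher) as an added Python example. This is not code from the article, from Slashdot, or from the app under discussion. The PNG signature is the real 8-byte file magic (the kind of header AmiMoJo says the app XORs); the 4-byte key, the two messages and the pads are constructed for the demo, and the `recover_repeating_key` helper is this example's own, with the caveat noted in its docstring.

```python
import os
from itertools import cycle

# Added example (not code from the article or from the Vault app). The PNG
# signature is real; the key, payload and pads below are constructed for the demo.
PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"


def xor_bytes(data, keystream):
    """XOR each byte of data with the next byte of keystream (truncates to the shorter)."""
    return bytes(b ^ k for b, k in zip(data, keystream))


def otp_encrypt(plaintext):
    """One-time pad: a fresh random key as long as the message, used exactly once.
    Returns (key, ciphertext); decryption is xor_bytes(ciphertext, key)."""
    key = os.urandom(len(plaintext))
    return key, xor_bytes(plaintext, key)


def repeating_key_encrypt(data, key):
    """Vigenere-style XOR: a short key cycled over the whole message.
    XOR is its own inverse, so the same call decrypts."""
    return xor_bytes(data, cycle(key))


def pad_reuse_leak(c1, c2):
    """Two ciphertexts made with the same pad: c1 ^ c2 == p1 ^ p2, the pad cancels.
    Whoever knows (or can guess) part of p1 then reads the same part of p2."""
    return xor_bytes(c1, c2)


def keystream_period(keystream):
    """Smallest period consistent with the observed keystream bytes."""
    n = len(keystream)
    for period in range(1, n + 1):
        if all(keystream[i] == keystream[i - period] for i in range(period, n)):
            return period
    return n


def recover_repeating_key(ciphertext, known_prefix):
    """Known-plaintext recovery for a repeating-key XOR: ciphertext ^ known plaintext
    yields the keystream bytes under the prefix, and their period is the key.
    Caveat: reliable only when the key is shorter than the known prefix; a longer key
    shows no repetition inside the prefix and the whole observed stream is returned."""
    observed = xor_bytes(ciphertext[: len(known_prefix)], known_prefix)
    return observed[: keystream_period(observed)]


def demo():
    """Runs the three scenarios and returns the results for inspection."""
    # 1. Short repeating key over a file whose first 8 bytes are the PNG signature.
    payload = PNG_SIGNATURE + b"constructed image bytes, not a real PNG body"
    short_key = b"k3y!"  # constructed 4-byte key
    ct = repeating_key_encrypt(payload, short_key)
    recovered_key = recover_repeating_key(ct, PNG_SIGNATURE)
    recovered_file = repeating_key_encrypt(ct, recovered_key)

    # 2. Pad reuse: the same pad on two messages leaks p1 ^ p2, and p2 given p1.
    p1 = b"message one, known to the analyst"
    p2 = b"message two, still meant secret!!"  # same length as p1 by construction
    assert len(p1) == len(p2)
    pad = os.urandom(len(p1))
    leak = pad_reuse_leak(xor_bytes(p1, pad), xor_bytes(p2, pad))
    p2_from_leak = xor_bytes(leak, p1)

    # 3. Proper one-time pad: fresh random pad, used once, round-trips cleanly.
    key, c = otp_encrypt(p1)
    return {
        "recovered_key": recovered_key,
        "recovered_file": recovered_file,
        "leak_equals_p1_xor_p2": leak == xor_bytes(p1, p2),
        "p2_from_leak": p2_from_leak,
        "otp_roundtrip": xor_bytes(c, key) == p1,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The same `xor_bytes` call serves all three cases; what separates the secure one from the two broken ones is entirely the keystream: as long as the message, random, and never reused. A file format with a fixed header hands a reviewer the known plaintext for free, which is why scenario 1 needs no guesswork.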