From: Nick Hilliard (nick at domain netability.ie)
Date: Mon 18 Jun 2001 - 17:36:53 IST

> Apart from speed, in what way is it any less secure than other reversible
> encryption methods?

The normal reversible encryption methods create output with very high
entropy, whereas applying XOR will not significantly increase the entropy of
the output. In the hands of someone who knows what they're talking about,
this can be used to determine what encryption algorithm is used.

I'm not an expert on this, btw. You should have a look at other sources,
like sci.crypto and comp.security.misc for more authoritative answers. They
regularly blow off about using XOR.

> Assuming no knowledge is available about the distribution of PINs and
> passwords (ie. both are coming from /dev/random)

/dev/random isn't an infinite source of magic randomness. It's an entropy
pool, and every time you remove entropy from it (by reading it), it needs
some time to build itself back up again. If you pull data from it too fast,
then the quality of your "random" data will be bad.

Nick
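
Added example, not part of the original message: a Python sketch that measures byte-level Shannon entropy, the quantity the reply above refers to, for a plaintext, for that plaintext XORed with short repeating keys, and for a random reference. The sample plaintext, the keys and the use of os.urandom as a stand-in for high-entropy cipher output are assumptions made for illustration.

```python
import math
import os
from collections import Counter
from itertools import cycle

# Constructed sample plaintext (not from the original message).
PLAINTEXT = b"The quick brown fox jumps over the lazy dog. PIN 4821. " * 80


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte-value distribution, in bits per byte (0..8)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total) for n in Counter(data).values())


def xor_repeating(data: bytes, key: bytes) -> bytes:
    """XOR data with a key repeated to the length of the data."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def compare() -> dict:
    """Entropy of the plaintext, two XOR outputs and a random reference."""
    return {
        "plaintext": shannon_entropy(PLAINTEXT),
        # A one-byte key only relabels byte values, so entropy is unchanged.
        "xor_1_byte_key": shannon_entropy(xor_repeating(PLAINTEXT, b"\x5a")),
        # A short repeating key (constructed) mixes a few relabelled copies.
        "xor_4_byte_key": shannon_entropy(
            xor_repeating(PLAINTEXT, b"\x5a\x13\xc7\x88")
        ),
        # Assumption: os.urandom stands in for the output of a strong cipher.
        "random_reference": shannon_entropy(os.urandom(len(PLAINTEXT))),
    }


if __name__ == "__main__":
    for name, bits in compare().items():
        print(f"{name:18s} {bits:.3f} bits/byte")
```
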