XOR 加密有什么问题? [英] What's wrong with XOR encryption?

问题描述

我编写了一个简短的 C++ 程序来对文件进行 XOR 加密，我可能会将其用于某些个人文件(如果它被破解了，那没什么大不了的——我只是在防止不经意的观众).基本上，我使用 ASCII 密码并反复将密码与文件中的数据进行异或.

I wrote a short C++ program to do XOR encryption on a file, which I may use for some personal files (if it gets cracked it's no big deal - I'm just protecting against casual viewers). Basically, I take an ASCII password and repeatedly XOR the password with the data in the file.

现在我很好奇:如果有人想破解这个，他们会怎么做?会不会很久?是否取决于密码的长度(即大 O 是什么)?

Now I'm curious, though: if someone wanted to crack this, how would they go about it? Would it take a long time? Does it depend on the length of the password (i.e., what's the big-O)?

推荐答案

XOR 加密的问题在于，对于长时间运行的相同字符，很容易看到密码.如此长的运行是文本文件中最常见的空格.假设您的密码是 8 个字符，并且文本文件在某行中有 16 个空格(例如，在 ASCII 图形表的中间).如果您只是将它与您的密码进行异或，您将看到输出将具有重复的字符序列.攻击者只需寻找任何此类，尝试猜测原始文件中的字符(空格将是第一个尝试的候选者)，然后从重复组的长度中推导出密码的长度.

The problem with XOR encryption is that for long runs of the same characters, it is very easy to see the password. Such long runs are most commonly spaces in text files. Say your password is 8 chars, and the text file has 16 spaces in some line (for example, in the middle of ASCII-graphics table). If you just XOR that with your password, you'll see that output will have repeating sequences of characters. The attacker would just look for any such, try to guess the character in the original file (space would be the first candidate to try), and derive the length of the password from length of repeating groups.

二进制文件可能更糟，因为它们通常包含 0x00 字节的重复序列.显然，与这些进行异或是无操作的，因此您的密码将在输出中以纯文本形式显示！.doc.

Binary files can be even worse as they often contain repeating sequences of 0x00 bytes. Obviously, XORing with those is no-op, so your password will be visible in plain text in the output! An example of a very common binary format that has long sequences of nulls is .doc.

这篇关于XOR 加密有什么问题?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！