Your E/Fp has order 2^3 * 3 * 37991 * 21183269 * 373015308871 * 16071902378831708724506232718210977087913221837027589 and thus you can't hope for more than 86 bits of security due to Pohlig–Hellman, never mind cofactor attacks. encrypt() is also insecure (xor every byte of the message with the same shared secret byte), even if you chose a better curve.
This is much better version of the sibling comment but I'm a message board nerd and can't keep myself from pointing out that this code is probably a little bit tongue-in-cheek.
This is not real encryption, it picks only one byte of shared secret and XORs it into the plaintext. Therefore, there are only 256 possible decryption keys to check, which is trivial.
Instead, you'd want to use the shared secret as a key to something strong and symmetric like AES.
madars|1 year ago
tptacek|1 year ago
leijurv|1 year ago
This is not real encryption, it picks only one byte of shared secret and XORs it into the plaintext. Therefore, there are only 256 possible decryption keys to check, which is trivial.
Instead, you'd want to use the shared secret as a key to something strong and symmetric like AES.
thechao|1 year ago
tptacek|1 year ago
unknown|1 year ago
[deleted]