leijurv | 1 year ago

`for char in message: encrypted_char = ord(char) ^ (shared_secret[0] % 256)`

This is not real encryption; it picks only one byte of the shared secret and XORs it into the plaintext. Therefore, there are only 256 possible decryption keys to check, which is trivial.

Instead, you'd want to use the shared secret as a key to something strong and symmetric like AES.

thechao|1 year ago

Any idiot knows not to use power-of-two! You gotta use "+13", which is prime and, therefore, *secure*.

BobbyTables2|1 year ago

And Twice is nice!

tptacek|1 year ago

I don't think it's meant to be real encryption.

leijurv|1 year ago

I suspect it was, given that they've now deleted their comment.
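
Added example, not part of any comment in this thread and not the deleted original code: a Python check of the effective key space of the loop quoted in the top comment. The function names, the constructed sample values, the letters-and-spaces scoring heuristic and the shape of `shared_secret` (a list of integers) are assumptions.

```python
# Added illustration; all names and sample values below are constructed.

def weak_encrypt(message: str, shared_secret: list[int]) -> bytes:
    """The quoted loop: every character XORed with shared_secret[0] % 256.
    Assumes an ASCII message so each result fits in one byte."""
    k = shared_secret[0] % 256
    return bytes(b ^ k for b in message.encode("ascii"))

def english_score(candidate: bytes) -> int:
    """Crude plaintext detector: -1 if any byte is non-printable,
    otherwise the number of ASCII letters and spaces."""
    if any(b < 0x20 or b > 0x7E for b in candidate):
        return -1
    return sum(1 for b in candidate if chr(b).isalpha() or b == 0x20)

def exhaust_keyspace(ciphertext: bytes) -> tuple[int, bytes]:
    """Try all 256 possible keys; return the best-scoring (key, plaintext)."""
    def decrypt(k: int) -> bytes:
        return bytes(b ^ k for b in ciphertext)
    best = max(range(256), key=lambda k: english_score(decrypt(k)))
    return best, decrypt(best)

# Constructed inputs: a large "shared secret" and a second one that agrees
# with it only in the low byte of element 0.
SECRET_A = [2**255 + 0xA7, 2**200 + 12345, 2**190 + 6789]
SECRET_B = [SECRET_A[0] % 256, 1, 2]
SAMPLE = "wire the funds on Friday at noon"

if __name__ == "__main__":
    ct = weak_encrypt(SAMPLE, SECRET_A)
    # Everything except one byte of the secret is ignored by the scheme.
    print("same ciphertext:", ct == weak_encrypt(SAMPLE, SECRET_B))
    key, plaintext = exhaust_keyspace(ct)
    print("recovered key byte:", hex(key))
    print("recovered plaintext:", plaintext.decode("ascii"))
```
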