### simple encryption program problem

Hey guys,

I am doing research/ a project on cryptography and how attacks on ciphers work, so I made a simple program to encrypt and decrypt a message, it is based on the one time pad (ie key length == message length), The program encrypts and decrypts the message with no problems but when I try to experiment on it and find the two messages It doesn't seem to work.

I am following the theory below

what I try to do is xor the two cipher texts and I should get the xor of messageOne and messageTwo

 c1 XOR c2 = m1 XOR PRG(k) XOR m2 XOR PRG(k) = m1 XOR m2

when I print out this result it prints out gibberish as expected but how can I get the two message to display?

 m1 XOR m2 -> m1, m2

how would XOR'ing m1 and m2 give us both message one and two??

m1 and m2 in my example are both 5 characters in length so the xor of m1 and m2 will produce a result of 5 characters so how could this produce both m1 and m2 which in total would be 10 characters in length?

probably one of the more interesting questions I've asked,

Thanks

 ``123456789101112131415161718192021222324252627282930313233343536373839404142434445`` `````` #include using namespace std; string encryptDecrypt(string message,string key){ string cipher; if(message.length() != key.length()) return NULL; for(int i = 0; i < message.length(); i++){ char temp = message.at(i) ^ key.at(i); cipher+= temp; } return cipher; } int main() { string messageOne = "hello"; string messageTwo = "world"; string key = "seven"; string cipherOne; string cipherTwo; string result; string resultTwo; // encrypts messageOne / m1 cipherOne = encryptDecrypt(messageOne,key); // encrypts messageTwo / m2 cipherTwo = encryptDecrypt(messageTwo,key); // xors both cipher texts result = encryptDecrypt(cipherOne,cipherTwo); cout << "result : " << result << endl; // what next to get the plain text of m1 and m2? } ``````
encryptDecrypt(cipherOne,key); //gets it back but not sure if this is what you wanted. Pretty sure it isnt. hang on.

cout << encryptDecrypt(result, messageOne);
cout << encryptDecrypt(result, messageTwo);

is that what you want to see?

these are just the properties of xor, really. Have a look at swapping 2 numbers via xor for similar example. Or, in short .. a^b = c, c stores a form of both a and b -- if you have C and either A or b, you can get the missing other piece, just like any equation with 3 variables and 2 of them known.
Last edited on
If you like decrypting and attacks on ciphers work, you may like this challenge:
http://www.cplusplus.com/forum/general/252083/
Hi Jonnin

kind of but not particularly , in this scenario we have no knowledge of the key or the plain text/ the variables messageOne or messageTwo. we only have knowledge of the ciphertexts our goal is to find the plain text of both messages from the ciphertexts( this will only work if both ciphertexts were encrypted using the same key)

so to my understanding from reading the article as posted that xor'ing both ciphertexts should give us both messages? but I fail to see how this works and how I could implement it in code

I misread so the result won't give us messageOne and messageTwo but rather the xor of the two messages,

in the above link it doesn't explain how the plain text of the messages are got,

so we have the xor of messageOne and the xor of messageTwo, what's the next step to get the plain text?

thanks
Last edited on
Oh. If you want to get m1 and m2 just from result, you have to do that with educated guesswork really. You can xor m1 and all the words in the english dictionary, for example, and check to see if the result is also in the dictionary. English is so small vs modern computers, you can sometimes back out a message this way -- it wouldnt take a full min to brute force check every 5 letter word against your messages. There isnt some simple math solution to that bit, if I am reading your question right.

given that your key is also plain text, it seems likely the hacker would end up with a set of 6 or more words to choose from. Not a for sure answer, but if its your password, they can try 3 times today and 3 times tomorrow or something and nail it after a bit. This does not work at all if your message is gibberish.
Last edited on
great point Jonnin :)

yeah so it comes to to deduction after that point
its a LOT easier if the hacker can send his own plaintext message and get the target to encrypt it, so he can see both sides. Modern encryption makes doing that difficult to get the key back even with that much knowledge, but these cheesy techniques won't hold up to that.