[vox-tech] Linux's Vulnerability to E-mail Viruses

ME vox-tech@lists.lugod.org
Fri, 26 Apr 2002 03:00:42 -0700 (PDT)


On Thu, 25 Apr 2002 foo@joshuatree.cs.ucdavis.edu wrote:
> Subject: Re: [vox-tech] Linux's Vulnerability to E-mail Viruses
> 
> On Thu, 25 Apr 2002, ME wrote:
> 
> > On Thu, 25 Apr 2002, Rod Roark wrote:
> > > Interesting, I never thought about that before.  The "locking" 
> > > (and corresponding unlocking) could easily be done by xor'ing 
> > > against some string of pseudo-random characters that only 
> > > the encryptor knows how to produce.
> > 
> > The most advanced encryption available is found when you use 2XOR
> > (double-XOR) with your data and the same key.
> > 
> > You also get a huge cost savings in performance, as some stes can be
> > skipped and, 8 bit 2XOR is just as secure as 2048bit 2XOR (assuming the
> > same key in both passes.
> > 
> > (Tongue in cheek - biteing down hard.)
> > 
> > (This would have been better posted April, 1,2002  ;-)
> > 
> > -ME
> 
> Ouch...

Oh! Just so the other list members note, I was not making fun of the
original poster! XOR-ing against a key with equal bit length to the number
of bits being encrypted (so long as the key is not reused "as-is" has been
used before as a form of encryption. (When shorter keys are used or the
same key is used in this simple kind of system is one place where security
can easilu breakdown.) (A shared secret equal in size of the message can
be rather strong - especially for very long messages if the key is not
easily predictable or brute-forced.) 
[For example, I'm Alice sending Bob 8 bytes of data that have been XOR-ed
once against an 8 byte key (non predictable bit sequence). If the key is a
shared secret between us (Bob and Alice) then even the best code crackers
might have a tough time knowing what 8-bytes of intended content were
actually sent. Of course, using an 8-byte key in repeating sequence to
"encrypt" 100 Mb of text file data might be just a little bit weak.

The comment about 2XOR was supposed to be funny, and not making fun of the
posters! (It was their comment that reminded me of this.)

What the poster described is often used to describe earlier encryption
systems, and is often used as part of a step in modern data-hiding.

Sorry if this offended. :-/ That was not the point. It was to bring humor
for other to laugh at my stupid statement, not as an unkind word to their
intelligent realization.

Sorry, :-/
-ME

-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS/CM$/IT$/LS$/S/O$ !d--(++) !s !a+++(-----) C++$(++++) U++++$(+$) P+$>+++ 
L+++$(++) E W+++$(+) N+ o K w+$>++>+++ O-@ M+$ V-$>- !PS !PE Y+ !PGP
t@-(++) 5+@ X@ R- tv- b++ DI+++ D+ G--@ e+>++>++++ h(++)>+ r*>? z?
------END GEEK CODE BLOCK------
decode: http://www.ebb.org/ungeek/ about: http://www.geekcode.com/geek.html