Edit AllPages

Here’s a CheesyXOREncryption scheme, which I call a “scrambling” scheme, since I don’t like suggesting this is some kind of secure encryption. This snippet originally appeared in the ProtectingResources page

// scramble // written by Michael Trent for // // scramble is a very cheesy function that scrambles a stream of binary data // into a second buffer of identical size. the process can be reversed by // reversing the inputs. you can also use the same buffer as both src and dst. // key controls the specific stream used to scramble the data. // // BUGS: // key is only 32 bits, which is lame. // scramble uses random() as its generator function, which is lame // entire src buffers must be scrambled at once; it’s not re-startable.

#include #include

void scramble(unsigned long key, const unsigned char *src, unsigned char *dst, size_t size) { // seed our generator function srandom(key);

// while data remains in src
while (size) {
// pull an unsigned 32-bit value
unsigned long scrambler = random();

// scramble!
if (size > 4) {
    *(unsigned long*)dst = *(unsigned long*)src ^ scrambler;
    src += 4; dst += 4; size -= 4;
} else {
    unsigned char *scr = (unsigned char*)&scrambler;
    while (size) {
	*dst++ = (*src++) ^ (*scr++);
	size -= 1;

// clear our generator function
srandom(0); }

Note this function is fully symmetrical; if you call the function twice on the same buffer, that buffer will appear unchanged. Here’s a cheesy test driver:

int main (int argc, const char * argv[]) { char input[30] = “Here is some data to scramble!”;

printf("%s\n", input);

scramble('lame', input, input, 30);

// doing this messes up my terminal. but you get the idea.
//printf("%s\n", input);

scramble('lame', input, input, 30);

printf("%s\n", input);

return 0; }

This is regarded as unsafe as someone versed in exclusive-or encryption algorithms could make short work of this algorithm via brute-force, especially if they knew what the encrypted contents actually were. Really, the only twist here is that we’re XOR-ing with a generating function, instead of just using the same scrambler (such as just using ‘key’) across the whole buffer. Unfortunately, we’ve picked a fairly obvious generating function: random().

You could probably shore this up by using a better generating function than random(), preferably one that can be seeded with more than 4-billion seeds.

– MikeTrent