[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: maximizing cryptographic return



> I was wondering how secure the following algorithm would be for phone
> calls: suppose that at the beginning of each session, the random
> key is traded using RSA or some other very secure approach. the
> key is a *random bit width*, say 100-6000 bits. now, my question is,
> I wonder if some very cheap algorithms, in terms of computation time,
> could be used for the "on the fly" encryption of the voice using those
> bit. would XOR with the pad be totally out of line? 
> 
> the situation is such that trivial algorithms such as XOR with  *unlimited
> cyphertext* can be broken quite trivially. but it seems to me this
> dogma that "XOR is WEAK" is based on the premise that you have a huge
> amount of cyphertext to play with. take away this premise, that you
> have a session key that is guaranteed to really give you very little
> cyphertext, do these supposedly "weak" algorithms then become pretty
> secure?

No, XOR is weak if used even twice.  If you XOR the two pieces of
cyphertext with each other, you get the two plaintexts XORed.  I'd
be willing to bet that the human ear can understand two audio signals
XORed.  Certainly with practice people can understand audio that has
been encrypted with frequency inversion.  Pre-encryption compression
would solve this, but XOR is still very weak.