0

I currently informed myself about encryption a lot. And I wonder, whether it would be good to toggle some bits (XOR and bitmasks) at a known position in the encrypted byte array and to toggle them again before decrypting them.

Because even if you know the algorithm and the key it wouldn't be possible to decrypt them propably without knowing where to toggle the bits wouldn't it?

MinecraftShamrock
  • 3,504
  • 2
  • 25
  • 44

2 Answers2

2

The bit-toggling becomes part of the algorithm, so if "they know the algorithm" comes to include which bits were toggled.

It does become marginally harder to find out that "the algorithm", but this gain is small. If they can get their hands on the key, I think your problem is somewhere else...

There are some disadvantages to this as well. First, you may introduce security flaws in the system. I don't think this will happen, but I don't know I won't, and in security you should assume you might cause security flaws unless you know you won't.

The second problem is that if you make a mistake here somewhere it is possible to corrupt data. Of course, rigid testing will make sure that a mistake won't make it to production, but it just isn't as safe as using the functionality of a security library.

Lastly, there is the problem that your code and data will be harder to work with. If you need to work with it in the future, or someone has to work with it, it'll probably take more effort than it otherwise would have.

Those aren't big things, but I'd say more than the gain. At the end of the day, this is little more than "security through obscurity", so no, I wouldn't say it is a good idea.

Jasper
  • 11,590
  • 6
  • 38
  • 55
  • But it's just a minimal change in the code so why not? If it just brings me a minimal amount of security it's still worth it if I just have to add 5 or 10 lines of code. They can't get the hands on the key. That was just an example. But still... in this case it would help a little bit. – MinecraftShamrock Jan 19 '14 at 18:46
  • Security through obscurity isn't security at all. – Jasper Jan 19 '14 at 18:48
  • But why not? It is easy to implement and it just makes it a little little minimal little bit harder to read my messages. If not, please explain it to me (I'm new to this topic) – MinecraftShamrock Jan 19 '14 at 18:59
  • I see. Thank you. How much harder would it actually become to hack the messages? How would they (the hackers) handle this problem? – MinecraftShamrock Jan 19 '14 at 19:05
  • Since they are getting the keys, they might as well get your code as well. Seriously, making sure they don't get their hands on the keys is far more important than things like this. – Jasper Jan 19 '14 at 19:09
  • Isn't it much easier to get the data transfer than to get the source code? – MinecraftShamrock Jan 19 '14 at 19:13
  • If you're transferring the keys, you're generally doing something wrong. – Jasper Jan 19 '14 at 19:14
  • I don't transfer any keys. But you said they might get my code as well. How in the world should they get the source code of my application? – MinecraftShamrock Jan 19 '14 at 19:15
  • The correct question is: How in the world should they get your keys? (I made the assumption that they need just about complete access to your machine, which means they can get your code as well). – Jasper Jan 19 '14 at 19:18
  • Oh, I see. But they "could" actually get the key by guessing. And even if they would guess the right key, they wouldn't notice that it was the right key because they didn't toggle the right bytes. – MinecraftShamrock Jan 19 '14 at 19:21
  • let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/45589/discussion-between-jasper-and-minecraftshamrock) – Jasper Jan 19 '14 at 19:22
0

You need to look at Kerckhoff's Principle. Any crypto-system needs to be secure, even if the attacker knows the entire algorithm. Only the key must be kept secret. Your bit-twiddling is part of the algorithm, and so will be known to any enemy.

Consider AES. There are public papers describing in great detail exactly how AES works: NIST AES Description. That description of the algorithm is public, yet AES is still secure because if follows Kerckhoff. You need to make sure that your algorithm is secure. Simple bit-twiddling as you describe will not make an insecure algorithm secure. Any attacker will know what bits to twiddle and can untwiddle them and break the underlying insecure cypher.

As an alternative, you could add the bitmask you use to the key. This increases the key size and the processing time for very little security gain. There are usually better ways to increase the security of a cypher, such as adding more rounds.

rossum
  • 15,344
  • 1
  • 24
  • 38
  • Okey. But Kerckhoff's principle is just a principle. So why should the attackers know where they have to toggle bits? – MinecraftShamrock Jan 19 '14 at 19:40
  • @MinecraftShamrock If the bit toggling is part of the algorithm, then the attackers are always assumed to know it -- the bit toggling will be in NIST's public description of the algorithm. – rossum Jan 19 '14 at 19:59
  • Sure. But if I do the bit toggling in addition to the algorithm they can't get the information from anywhere if I don't publish it. – MinecraftShamrock Jan 19 '14 at 20:34
  • @MinecraftShamrock: Then the bit toggling is part of the key, and Bob will need the correct information passed to him secretly before he can correctly decrypt the cyphertext. Read-up about "key whitening", which is very similar to what you are talking about if you are using the key. Twofish uses both input whitening and output whitening. – rossum Jan 19 '14 at 21:02