Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

OTP/XOR Cracking two ciphertexts that have the same key

Tags:

cryptography

xor

one-time-password

cracking

How can I crack two ciphertexts that have used the same key twice? For example, plaintext1 uses the key "abcdefg", and plaintext2 uses the key "abcdefg".

I know that ciphertext2 ^ ciphertext1 is equal to plaintext1 ^ plaintext2. And the method to crack plaintext1 ^ plaintext2 is the same method to crack a "book cipher" (also sometimes called a "running key cipher", although a running key cipher isn't the same as a book cipher, right?)

I know that I'm supposed to use a dictionary attack, but I'm not sure which dictionary/wordlist I should use, and the algorithm used in cracking this. Can anyone provide me with a link, or some code that shows how to crack it?

I'm new to cryptography, and I just wanted to do this for fun. Can anyone help me out? Thanks.

like image 236
Mateen Ulhaq Avatar asked Sep 20 '10 02:09

Mateen Ulhaq

People also ask

What happens if you reuse one-time pad?

Once the one-time pad is used, it cannot be reused. If it is reused, someone who intercepts multiple messages can begin to compare them for similar coding for words that may occur in several messages. A simple example of how a one-time pad works is shown in the example below.

Why reusing keys makes OTP insecure?

The security of the OTP relies on the randomness of the key. Unfortunately, the randomness of a key cannot be proved. The key must never be reused. Use of the same key to encrypt different messages, no matter how trivially small, compromises the cipher.

What is a 2 time pad?

The general rule of cryptography says that one should never use the same keystream characters more than once. Otherwise, the cipher starts to be vulnerable to ciphertext-only attacks.

What is XOR one-time pad?

The One Time Pad encryption method is a binary additive stream cipher, where a stream of truly random keys is generated and then combined with the plain text for encryption or with the ciphertext for decryption by an 'exclusive OR' (XOR) addition.

1 Answers

The most common attack is to "slide" a common (but not too short) word along and XOR it against successive positions in the combined stream. Where the word was used in one stream, the XOR will (usually) produce readable text for the other stream.

like image 117
Jerry Coffin Avatar answered Oct 12 '22 13:10

Jerry Coffin
Sign in to Comment

Related questions

Your imagination required: How to encrypt a file so that spending an amount of bitcoins is required for the decryption
Generating RSA-SHA1 signatures with JavaScript
How do you plot elliptic curves over a finite field using matlab
PGP Service for .NET Allowing Arbitrary Keys
is bcrypt improved with hmac'd passphrase?
python crypto rsa issue
Bespoke JCE Provider on IBM AIX
Validate Mandrill's X-Mandrill-Signature
Access keys from browser store using webcrypto api
How to use Shamir Secret Sharing Class in Crypto++
I'd like to understand Java's SecureRandom object
System.Security.Cryptography.CryptographicException: Keyset does not exist thrown within Visual studio
How to store symmetric secret key in Java PKCS12 keystore
How to generate AES/CBC/PKCS5Padding encrypted cipher in angularJs
Issue encrypting with PHP (openssl_encrypt), then decrypting with JS (CryptoJS)
Signing a message digest using BouncyCastle
Generating the same SHA1 UUID in golang and Javascript
why AES java decryption return extra characters?
Extracting the public key from the private key
C# signature verification using ECDSA with SHA256 certificate

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!