I must first say that I have never studied cryptography, and all I know about this topic is just basic concepts.
We looked for a quick and easy way to encrypt some data (which will be stored in the database) using a password. I know that the "safest" algorithm is AES, but it is probably too complicated for us, and I know that this requires us to obtain permissions from the US government, etc.
We thought of this (simple) algorithm, which reminds me (but I could be wrong) of a kind of "One-time panel". (it is not written in any particular language ... it's just an idea :))
    // The string we need to encrypt
    string data = "hello world";

    // Long string of random bytes that will be generated the first time we need to encrypt something
    string randomData = "aajdfskjefafdsgsdewrbhf";

    // The passphrase the user selected
    string passphrase = "foo";

    // Let's generate the encryption key, using randomData XOR passphrase (repeating this one)
    string theKey = "";
    j = 0;
    for(i = 0; i < randomData.length; i++)
    {
        theKey += randomData[i] ^ passphrase[j];
        j++;
        if(j == passphrase.length) j = 0;
    }

    // Encrypt the data, using data XOR theKey (with theKey.length >= data.length)
    string encryptedData = "";
    for(i = 0; i < data.length; i++)
    {
        encryptedData += data[i] ^ theKey[i];
    }
On disk, we will then store only randomData and encryptedData. passphrase will be requested from the user every time.
How secure would such an algorithm be? Are there any other ways that can be hacked? I don't think that statistical analysis will work on this, right? Is it "safe" like a "Disposable Panel"?
Thanks!
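The scheme from the question, modelled on bytes, as an added example that is not part of the original post. It checks what the two values stored on disk (randomData and encryptedData) expose when combined; the function names and the second sample plaintext are assumptions made for illustration.

```python
from itertools import cycle


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def repeating_xor(data: bytes, passphrase: bytes) -> bytes:
    """data XOR passphrase, with the passphrase repeated as needed."""
    return bytes(d ^ p for d, p in zip(data, cycle(passphrase)))


def encrypt(data: bytes, random_data: bytes, passphrase: bytes) -> bytes:
    """The question's scheme: theKey = randomData XOR passphrase (repeated),
    encryptedData = data XOR theKey. XOR is its own inverse, so the same
    call also decrypts."""
    the_key = repeating_xor(random_data, passphrase)
    if len(the_key) < len(data):
        raise ValueError("randomData must be at least as long as data")
    return xor_bytes(data, the_key)


def strip_random_layer(encrypted: bytes, random_data: bytes) -> bytes:
    """Combine only the two values kept on disk. Because randomData is stored
    next to the ciphertext, it cancels out and what remains is the plaintext
    XORed with the short repeating passphrase."""
    return xor_bytes(encrypted, random_data)


# Sample values taken from the question's pseudocode.
RANDOM_DATA = b"aajdfskjefafdsgsdewrbhf"
PASSPHRASE = b"foo"

if __name__ == "__main__":
    p1 = b"hello world"
    p2 = b"HELLO WORLD"  # constructed second record, same randomData and passphrase
    c1 = encrypt(p1, RANDOM_DATA, PASSPHRASE)
    c2 = encrypt(p2, RANDOM_DATA, PASSPHRASE)

    # The stored random bytes add no secrecy: a passphrase-only XOR is left.
    print(strip_random_layer(c1, RANDOM_DATA) == repeating_xor(p1, PASSPHRASE))
    # Reusing theKey across records makes it cancel between ciphertexts.
    print(xor_bytes(c1, c2) == xor_bytes(p1, p2))
```

Both comparisons print True: the only secret in the scheme is the repeating passphrase, and the same key stream covers every record, so neither one-time pad requirement (a secret random key as long as the data, never reused) holds.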