Abusing the Internet of Things

00101000
--------

The result is 00101000 in binary, which is decimal 40, whose ASCII character is (. This
explains the first character of the program output ($-. (Feel free to repeat this manual exercise for the
remaining two characters: you should come up with $ and -.)
In our case, the encryption key was KEY and the clear-text data was the word cat, resulting
in the ciphertext ($-. Anyone who knows the ciphertext and is in possession of the key KEY
can decrypt ($- back to the clear-text cat. Let us make sure this works:


#include <stdio.h>

int main()
{
    char string[4] = "($-";   /* the ciphertext produced by the first program */
    char key[4] = "KEY";      /* the same key that was used to encrypt */

    /* XOR is its own inverse: (p ^ k) ^ k == p, so applying the key
       a second time turns the ciphertext back into the clear text. */
    for (int x = 0; x < 3; x++)
    {
        string[x] = string[x] ^ key[x];
        printf("%c", string[x]);
    }
    printf("\n");
    return 0;   /* zero exit status: the program succeeded */
}

Let’s compile and run the program:

$ gcc xor2.c -o xor2
$ ./xor2
cat

This is a simple and easy description of how XOR works. Of course, in our case, we used
a key of the same length as the clear-text data so that the example is easy to understand. In
real life, it is important to use a longer key; otherwise, it becomes easy for an attacker to guess
the key with brute force. If the data is longer than the key, the key is repeated to match up
with the data. XOR is a very strong encryption algorithm when the key is a one-time pad (i.e.,
if the key never repeats and is as long as or longer than the data).
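To make the last paragraph concrete, here is an added example (not code from the book) that generalizes the two programs above to a key shorter than the data. It implements the repeating-key XOR the text describes (byte i of the data is combined with key[i % keylen]), checks that encrypting twice restores the clear text, and then counts how often a ciphertext byte equals the byte one key length earlier. The data "catcatcat" and the key KEY are constructed inputs chosen to match the book's values; the function names are my own.

```c
#include <stdio.h>
#include <string.h>

/* Repeating-key XOR: byte i of the data is combined with key[i % keylen].
 * Decryption is the same operation, since (p ^ k) ^ k == p.
 * When keylen >= len, i % keylen never wraps: that is the one-time-pad case. */
void xor_repeating(unsigned char *buf, size_t len,
                   const unsigned char *key, size_t keylen)
{
    for (size_t i = 0; i < len; i++)
        buf[i] ^= key[i % keylen];
}

/* Encrypts text with key into out (out must hold strlen(text) bytes);
 * returns the number of bytes written. */
size_t encrypt_into(unsigned char *out, const char *text, const char *key)
{
    size_t len = strlen(text);
    memcpy(out, text, len);
    xor_repeating(out, len, (const unsigned char *)key, strlen(key));
    return len;
}

/* Returns 1 if encrypting text with key yields exactly the bytes in expected. */
int ciphertext_is(const char *text, const char *key, const char *expected)
{
    unsigned char buf[64];
    if (strlen(text) >= sizeof buf) return 0;
    size_t n = encrypt_into(buf, text, key);
    return n == strlen(expected) && memcmp(buf, expected, n) == 0;
}

/* Returns 1 if encrypting and then decrypting text with key restores it. */
int roundtrip_ok(const char *text, const char *key)
{
    unsigned char buf[64];
    if (strlen(text) >= sizeof buf) return 0;
    size_t n = encrypt_into(buf, text, key);
    xor_repeating(buf, n, (const unsigned char *)key, strlen(key));
    return memcmp(buf, text, n) == 0;
}

/* Counts ciphertext bytes equal to the byte `period` positions earlier.
 * With a key of length `period`, any repeated clear-text block produces a
 * repeated ciphertext block, so the structure of the data leaks through. */
size_t repeats_at_period(const char *text, const char *key, size_t period)
{
    unsigned char buf[64];
    if (strlen(text) >= sizeof buf || period == 0) return 0;
    size_t n = encrypt_into(buf, text, key);
    size_t count = 0;
    for (size_t i = period; i < n; i++)
        if (buf[i] == buf[i - period]) count++;
    return count;
}

int main(void)
{
    const char *text = "catcatcat";   /* constructed sample data */
    const char *key = "KEY";          /* the book's key */
    unsigned char buf[64];
    size_t n = encrypt_into(buf, text, key);

    printf("ciphertext: ");
    for (size_t i = 0; i < n; i++) printf("%c", buf[i]);
    printf("\nround trip ok: %d\n", roundtrip_ok(text, key));
    printf("bytes repeating with period 3: %zu of %zu\n",
           repeats_at_period(text, key, 3), n);
    return 0;
}
```

With a 3-byte key, "catcatcat" encrypts to ($-($-($-: the same three ciphertext bytes three times over, so an observer learns the key length and that the data repeats without knowing the key. Make the key as long as the data (the one-time-pad case in the text) and the modulo never wraps, so no such pattern appears.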


YOU CALL THAT ENCRYPTION? 131