RC4 is also a stream cipher, which means you don't need to worry about breaking your cleartext into blocks, padding them out... and other related pain.
If you do use RC4, you should be aware that it has some vulnerabilities.
Python:
def RC4(data, key):
x = 0
s = range(256)
for i in range(256):
x = (x + s[i] + ord(key[i % len(key)])) % 256
s[i], s[x] = s[x], s[i]
x = y = 0
out = ""
for c in data:
x = (x + 1) % 256
y = (y + s[x]) % 256
s[x], s[y] = s[y], s[x]
out += chr(ord(c) ^ s[(s[x] + s[y]) % 256])
return out
C#:
using System;
public class RC4
{
static public void Cipher (ref byte[] bytes, string skey)
{
var key = System.Text.ASCIIEncoding.ASCII.GetBytes(skey);
byte[] s = new byte[256];
byte[] k = new byte[256];
byte temp;
int i, j;
for (i = 0; i < 256; i++) {
s[i] = (byte)i;
k[i] = key[i % key.GetLength (0)];
}
j = 0;
for (i = 0; i < 256; i++) {
j = (j + s[i] + k[i]) % 256;
temp = s[i];
s[i] = s[j];
s[j] = temp;
}
i = j = 0;
for (int x = 0; x < bytes.GetLength (0); x++) {
i = (i + 1) % 256;
j = (j + s[i]) % 256;
temp = s[i];
s[i] = s[j];
s[j] = temp;
int t = (s[i] + s[j]) % 256;
bytes[x] ^= s[t];
}
}
}
6 comments:
Simple is good, but if your data is valuable enough to protect, you should protect it. RC4 is considered broken, and the situation worsens without the use of a nonce.
Modern day stream ciphers like Salsa20/12 and ChaCha8 offer true 128-bit protection and avoid the many foibles of RC4. ...and they can be faster than RC4.
If your concern is the amount of code you need to write, remember that you don't need to write it. Consider using/importing already written Python modules. There are several that are free for any use. Here is one.
http://buggywhip.us
Likewise for C#. Google found this C# implementation. I see there others.
http://code.logos.com/blog/2008/06/salsa20_implementation_in_c_1.html
More...
http://en.wikipedia.org/wiki/Salsa20
http://cr.yp.to/streamciphers/attacks.html
Larry
Writing your implementation == bad. Always rely on well known, well tested libraries.
@Anonymous That's a bit of a daft attitude, and a fine way to learn nothing at all. Besides...
"I do a lot of work in restricted environments"
Sometimes you don't have a choice.
It's worth noting that the C# code can easily be ported to any .net language. It's not C# specific.
Hey Simon,
How are you doing?
I found your post really interesting, I think that a weak encryption is better than no encryption at all.
Thanks and keep up the good work
Hey Simon,
How are you doing?
I found your post really interesting, I think that a weak encryption is better than no encryption at all.
Thanks and keep up the good work
Post a Comment