1

I am pretty new to the cryptography scene but I wanted to know if it is possible to use crib dragging on cipher text which doesn't contain words? This data would be encrypted using the same key with a one time pad and the data is encoded using base64 before it is encrypted.

For example,

  • key = [1, 2, 3, 4]
  • message1 = [C, B, D, K]
  • message2 = [H, K, L, U]
  • encryptedMessage1 = [D, D, G, O]
  • encryptedMessage2 = [I, M, O, Y]

(yes I know this isn't exactly base64)

So if we XOR these two encrypted messages together we may or may not get CBDK or HKLU based on the word used for cribbing and even if we do get one how can you verify that it is the correct message?

Again total noob and trying to teach myself. ;)

kelalaka
  • 49,797
  • 12
  • 123
  • 211
Stephen Collins
  • 113
  • 2

2 Answers2

2

Yes, it is possible to use crib dragging. It is easy to prove this: you could just search for the base 64 encoded version of the crib. This would work even if you would simply use search for a recurrence of the crib every 4 characters because that's the amount of base 64 characters that are needed to encode 4 bytes. So the chance of success would be diminished, but it is still possible.

It is also possible to perform crib dragging over byte boundaries in base 64, but then you may need to check for multiple possibilities that could be valid. So the chance of success is much lower if you start in the middle of a base 64 character.

You can of course guess the characters before the crib itself as well, so the extended crib can still be moved across the boundaries. You'd need to guess up to 3 characters though.

Maarten Bodewes
  • 96,351
  • 14
  • 169
  • 323
-2

No, it's really not base64 encoding :) If the key length is egal to the text, it's an one time pad encryption

how can you verify that it is the correct message?

To answer your question, you can add for example at the begining of the message the sha-md5-crc32 hash of the clear text. The hash would be of course also encrypted.

@Stephen Collins: as the name implies, OTP is only used once. The mask is used only to decrypt a given message and cannot decrypt any other one. Xor gives an offset value to a specific character, if you use this same value on another character it will return you anything.

SEJPM
  • 46,697
  • 9
  • 103
  • 214
guest_posting
  • 1
  • 1