1

I was just thinking about this and couldn't seem to find anything on it online.

So the idea I had was this:

Generating a random key of some length. Then hashing this key with SHA256 (or something of similar security), then looping through each byte of the hash and each byte of the text and doing an XOR operation on both of these bytes, generating a new byte. Then stringing these new bytes together to create a ciphertext. This can be easily reversed if you know the key.

My questions:

How secure would this potentially be? Other considerations? Advice on improvements to the system?

Thanks!

2 Answers

0

Yes, this essentially works (up to fixing small issues). One notable issue is that your hash will be the same each time, so you can recover it using a known plaintext attack, then forge messages freely.

Another small issue is that you can only encrypt messages as long as the output length of your hash.

Both of these can be fixed by sampling a random IV, and then hashing IV||key rather than the key. If you want to encrypt multiple blocks, either hash using an extendable-output function, or hash IV||key, (IV+1)||key, etc.

This construction is just (randomized) counter mode, where we are using a hash function as a PRG. As our hash needs pseudorandomness properties, this is only secure in the random oracle model, and our hash must be good as a random oracle.

Mark Schultz-Wu
0

This is completely equivalent to Vigenère with a key of size $256$ (and the Vigenère key will be the hash of your key). Then it's not secure at all.

For example, let's suppose I know the first 256 bits of your message. Then I can deduce the full $h(k)$.

And even if I don't know $k$, I can retrieve the full message.

Of course, if your message is exactly $256$ bits, you have perfect security (it's a one-time pad).

Ievgeni
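Both answers rest on the same observation: the question's scheme XORs every message with the one fixed keystream SHA-256(key), so XORing a known plaintext with its ciphertext hands back that keystream, and the first answer's fix is to hash IV||key, (IV+1)||key, and so on under a fresh random IV. The Python below is an added illustration of both points, not code from the question or either answer; the 16-byte big-endian IV, the counter arithmetic, and the sample key and messages are my own assumptions.

```python
import hashlib
import os

# Constructed sample key (not from the post; never reuse a string like this).
KEY = b"example-key-not-a-real-secret"

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))

def naive_keystream(key: bytes) -> bytes:
    """The question's keystream: a single SHA-256 digest, fixed per key."""
    return hashlib.sha256(key).digest()

def naive_encrypt(key: bytes, msg: bytes) -> bytes:
    """The scheme from the question. Every message under the same key is
    XORed with the same 32 bytes, and longer messages cannot be handled."""
    if len(msg) > 32:
        raise ValueError("naive scheme is capped at the 32-byte hash length")
    return xor_bytes(msg, naive_keystream(key))

def recover_keystream(known_plaintext: bytes, ciphertext: bytes) -> bytes:
    """The known-plaintext point both answers make: c XOR m = h(k) at every
    position where m is known, so one known message exposes the keystream
    for all other messages under that key."""
    return xor_bytes(known_plaintext, ciphertext)

def ctr_keystream(key: bytes, iv: bytes, nbytes: int) -> bytes:
    """Randomized counter mode from the first answer: block i of the stream
    is SHA-256((IV + i) || key). Assumes a 16-byte IV treated as a big-endian
    counter that wraps modulo 2**128 (my convention, not the answer's)."""
    base = int.from_bytes(iv, "big")
    out = b""
    for i in range((nbytes + 31) // 32):
        block_iv = ((base + i) % (1 << 128)).to_bytes(16, "big")
        out += hashlib.sha256(block_iv + key).digest()
    return out[:nbytes]

def ctr_encrypt(key: bytes, msg: bytes, iv: bytes = None) -> bytes:
    """Fresh random IV per message, prepended so the receiver can recompute
    the stream. No authentication: this fixes keystream reuse only."""
    iv = os.urandom(16) if iv is None else iv
    return iv + xor_bytes(msg, ctr_keystream(key, iv, len(msg)))

def ctr_decrypt(key: bytes, ct: bytes) -> bytes:
    iv, body = ct[:16], ct[16:]
    return xor_bytes(body, ctr_keystream(key, iv, len(body)))
```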