Weekly edition Kernel Security Distributions Contact Us Search Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

# Web-(developer)-oriented Crypto Algorithm

## Web-(developer)-oriented Crypto Algorithm

Posted Aug 10, 2013 20:15 UTC (Sat) by geofft (subscriber, #59789)
In reply to: Web-(developer)-oriented Crypto Algorithm by martin_vahi
Parent article: Gräßlin: FLOSS after Prism: Privacy by Default

You claim that the advantage of TXOR is that it's "computationally efficient to use within text processing oriented scripting languages". But this sort of processing goes back into arithmetic on the character values, and your algorithm has three arithmetic operations (add, subtract, and mod), whereas XOR only has one (XOR). So I expect it to be less computationally efficient than XOR.

Here's some quick anecdata in line with that, in Python 3:

```>>> str1 = ''.join(chr(random.randint(0, 0x10ffff)) for i in range(4096))
>>> str2 = ''.join(chr(random.randint(0, 0x10ffff)) for i in range(4096))
>>> def xor(a, b):
...   return chr(ord(a) % ord(b))
...
>>> def txor(a, b):
...   return chr((ord(b) - ord(a) + 0x110000) % 0x110000)
...
>>> time.clock()
66.14
>>> for i in range(1000):
...   _ = ''.join(xor(c1, c2) for (c1, c2) in zip(str1, str2))
...
>>> time.clock()
69.41
>>> for i in range(1000):
...   _ = ''.join(txor(c1, c2) for (c1, c2) in zip(str1, str2))
...
>>> time.clock()
73.12
```

So 3.27 seconds for the XOR version, and 3.71 for the TXOR version. (I ran this a few times to avoid cold-cache effects and got the same values to within a few hundredths of a second.)

Besides, any serious use of encryption should be passing off the string as a binary string to an existing encryption library using an existing encryption mode, which should be doing all the XORs in C. There's generally no good reason to be implementing this yourself in a high-level language, and definitely no good reason to be using one-time pads directly.