I am doing research/ a project on cryptography and how attacks on ciphers work, so I made a simple program to encrypt and decrypt a message, it is based on the one time pad (ie key length == message length), The program encrypts and decrypts the message with no problems but when I try to experiment on it and find the two messages It doesn't seem to work.
when I print out this result it prints out gibberish as expected but how can I get the two message to display?
m1 XOR m2 -> m1, m2
how would XOR'ing m1 and m2 give us both message one and two??
m1 and m2 in my example are both 5 characters in length so the xor of m1 and m2 will produce a result of 5 characters so how could this produce both m1 and m2 which in total would be 10 characters in length?
probably one of the more interesting questions I've asked,
these are just the properties of xor, really. Have a look at swapping 2 numbers via xor for similar example. Or, in short .. a^b = c, c stores a form of both a and b -- if you have C and either A or b, you can get the missing other piece, just like any equation with 3 variables and 2 of them known.
kind of but not particularly , in this scenario we have no knowledge of the key or the plain text/ the variables messageOne or messageTwo. we only have knowledge of the ciphertexts our goal is to find the plain text of both messages from the ciphertexts( this will only work if both ciphertexts were encrypted using the same key)
so to my understanding from reading the article as posted that xor'ing both ciphertexts should give us both messages? but I fail to see how this works and how I could implement it in code
I misread so the result won't give us messageOne and messageTwo but rather the xor of the two messages,
Oh. If you want to get m1 and m2 just from result, you have to do that with educated guesswork really. You can xor m1 and all the words in the english dictionary, for example, and check to see if the result is also in the dictionary. English is so small vs modern computers, you can sometimes back out a message this way -- it wouldnt take a full min to brute force check every 5 letter word against your messages. There isnt some simple math solution to that bit, if I am reading your question right.
given that your key is also plain text, it seems likely the hacker would end up with a set of 6 or more words to choose from. Not a for sure answer, but if its your password, they can try 3 times today and 3 times tomorrow or something and nail it after a bit. This does not work at all if your message is gibberish.
its a LOT easier if the hacker can send his own plaintext message and get the target to encrypt it, so he can see both sides. Modern encryption makes doing that difficult to get the key back even with that much knowledge, but these cheesy techniques won't hold up to that.