Score:2

Nexor, an encryption algorithm that promises unlimited key sizes: Is it safe?


My intention is not to spam here, but I came across this project on GitHub: https://github.com/andrewhodel/nexor

It's an algorithm called Nexor; it promises encryption with unlimited key sizes.

The only problem is that it lacks a pseudo-random permutation (PRP).

Can some advanced user or cryptanalyst tell me if it's safe?

Paul Uszak
How do you make a million bit key? I can (easily), but how does Nexor? Oh, hi.
phantomcraft
Generate an output from /dev/hwrng if your processor has a TRNG and use it as an OTP.
Score:10

Looking very briefly at the source, it's just using the output of /dev/urandom to generate keys, then using that as a (poor) One-Time Pad. /dev/urandom is just a ChaCha20-based RNG with some decent seeding from various hardware entropy sources.

This is not secure. The key is the same length as the plaintext, but the keystream is derived from the 512-byte internal state of ChaCha. So instead of having to transmit one message over a secure channel after using this tool you'd have to transmit two, and you're still bound by the size of the internal state of ChaCha. You could get the same security by just encrypting with ChaCha20, and could get even better security (resistance against active attacks) by encrypting with ChaCha20-Poly1305.

I recommend using age (Actually Good Encryption) for encrypting files. It's actually a good use of ChaCha20-Poly1305.

Paul Uszak
Absolutely _no_ criticism Carl, but this forum must at some point debate at what point do you 'roll your own' encryptions vs 'standard' libraries. 'Own' are even marketed on this site. Note that there is no other field of human endeavour where everything is placed into one basket. Cui bono?
SAI Peregrinus
I agree that rolling one's own can be valuable! It's excellent as a learning process, it's sometimes necessary for new functionality (implementing research), sometimes it's good and well done for a new library with appropriate review (like age, or monocypher, or minisign in the last few years). But *this* library isn't a secure stream cipher, it's not a secure OTP, and it has no advantages over a more established system. It's not even obviously a learning exercise. I think having options is good, but I also think having strong defaults among those options is good!
SAI Peregrinus
Also, I try to shape my answers based on the apparent experience of the questioner. For you, I certainly wouldn't need to explain why `/dev/urandom` isn't a source to use for a One-Time Pad, or the disadvantages of One-Time Pads: you're quite familiar with that. We may disagree about whether there's a meaningful distinction between a TRNG and a PRNG, but I suspect we both agree that a CSPRNG output stream getting XORed with the plaintext is a stream cipher, with the entropy pool (and reseeding data) as the key.
kelalaka
Note that this is not a real criticism of the library. Its aim is to encrypt the password on the transfer, which has no meaning since we have TLS.
phantomcraft
Yes, I know that /dev/urandom will not provide "one million bits security". Maybe a good TRNG, despite being slow.
SAI Peregrinus
It's not even about that, it's about the problem of transferring the key material securely. 256-bit keys will be enough for the next few billion years, even against planet-sized quantum computers. Transferring the key material of a one-time pad is exactly as hard as transferring the plaintext. If you can transfer key material ahead of time on a secure channel that will later become insecure, they're useful. In most other cases they don't add any security, despite being unbreakable! (Also I don't believe TRNGs exist, but that's a metaphysical argument. HWRNGs certainly exist.)
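
The answer's point about active attacks, as an added example (not from the original posts and not Nexor's code): a pad-XOR scheme keyed from the OS CSPRNG accepts ciphertext changed in transit, while an authentication tag, which is what Poly1305 contributes in ChaCha20-Poly1305, rejects it. HMAC-SHA256 from the Python standard library stands in for Poly1305 here; the function names and the sample message are constructed for illustration.

```python
import hashlib
import hmac
import os

TAG_LEN = 32  # HMAC-SHA256 output size in bytes


def xor_bytes(data, pad):
    """XOR data with an equally long pad; the same call encrypts and decrypts."""
    if len(data) != len(pad):
        raise ValueError("pad must be exactly as long as the data")
    return bytes(d ^ p for d, p in zip(data, pad))


def pad_encrypt(plaintext):
    """Pad-XOR as the answer describes it: pad drawn from the OS CSPRNG."""
    pad = os.urandom(len(plaintext))
    return pad, xor_bytes(plaintext, pad)


def flip_in_transit(ciphertext, known, wanted, offset):
    """Change made on the wire without the pad: XOR in (known ^ wanted)."""
    out = bytearray(ciphertext)
    for i, delta in enumerate(xor_bytes(known, wanted)):
        out[offset + i] ^= delta
    return bytes(out)


def seal(plaintext, mac_key):
    """Encrypt-then-MAC: append a tag computed over the ciphertext."""
    pad, ct = pad_encrypt(plaintext)
    return pad, ct + hmac.new(mac_key, ct, hashlib.sha256).digest()


def open_sealed(pad, sealed, mac_key):
    """Verify the tag in constant time before decrypting anything."""
    ct, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: ciphertext was modified")
    return xor_bytes(ct, pad)


if __name__ == "__main__":
    msg = b"PAY 0100 TO ALICE"  # constructed sample message
    pad, ct = pad_encrypt(msg)
    # The unauthenticated pad decrypts the modified ciphertext without complaint.
    print(xor_bytes(flip_in_transit(ct, b"0100", b"9999", 4), pad))
```

The pad still has to reach the recipient over a secure channel, and the MAC key is a second secret on top of it, which is the key-transfer cost the answer and comments describe.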