Re: Java encryption implementation

In article <dmcl7o$f2o$1@domitilla.aioe.org>,
Lars Schoening <lars@newdarkness.com> wrote:
>Hi, I've written a simple encryption algorithm today and would like to
>ask if anyone can judge upon how secure it is?

It isn't secure.

> * the idea to lining up bytes of text with a long line of random
> * numbers to ensure an encryption impossible to break without
> * the seed.

Well, yeah, it would be secure except for two
things. "Random" means something very special when
used in a cryptographic context, and your Linear
Congruential generator:
> public int random()
> {
> this.seed = (this.seed * 0x5DEECE66DL + 0xBL) & ((1L << 48) - 1);
> return (int)(this.seed >>> 40);
> }
... doesn't qualify as random, nor even decently
pseudo-random.

The second thing is that your state is too small;
there are only 2^something[*] possible sequences
that can be generated by it because "seed" is too
small, and even if the LCG couldn't be analysed to
recover "seed", the attacker could simply try them
all.

[*] does Java guarantee 64-bit longs? I'm not
sure. In C/C++, this could give you either 48, 32,
or even 16 meaningful bits in "seed".

Greg.

-- 
Greg Rose
232B EC8F 44C6 C853 D68F  E107 E6BF CD2F 1081 A37C
Qualcomm Australia: http://www.qualcomm.com.au