I have some files that are encrypted using an unknown key, and the CBC method is used to encrypt the files.

When I XOR two files together the first two bytes are always the same, but different for each file (makes sense for each file).

From that, is it possible to recover the real key? First bytes of the file:

1a 1a 14 54 08 0b 02 59 

When XORing it with another file using the same key, the first few bytes are:

3a e5 1f 01 3a e5 1f 01  

Another beginning, from XORing with a different file:

bf fb 22 10 bf fb 22 10  

As you can see, the pattern repeats for only those 8 bytes. It does that for every file that I XOR. Does that mean the key length is 4? And from that, how can I recover the text?

1 Answer

The "XOR cipher" described does not encrypt more than the first block, even if you do not reuse keys. The subsequent blocks can be "decrypted" by the attacker simply by undoing the XOR – there is no secret involved.

Decrypting the first block and finding the key does require more than one message. It is a case of the many-time pad and can be solved either using a known plaintext or by crib-dragging as described in the link above.

otus
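
The two points in the answer above, as an added example that is not part of the original answer: it assumes a toy chained-XOR construction (C[0] = P[0] XOR K, C[i] = P[i] XOR C[i-1]) and a 4-byte block, neither of which is confirmed by the post, and all keys and plaintexts are constructed samples.

```python
# Toy "chained XOR" cipher (assumed construction, not taken from the post):
#   C[0] = P[0] XOR K,   C[i] = P[i] XOR C[i-1]
BLOCK = 4  # assumed block/key length, matching the 4-byte pattern in the question


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    prev, out = key, []
    for p in blocks(plaintext):
        prev = xor(p, prev)  # the key only ever touches the first block
        out.append(prev)
    return b"".join(out)


def recover_tail(ciphertext: bytes) -> bytes:
    """Recover every block after the first from the ciphertext alone."""
    c = blocks(ciphertext)
    return b"".join(xor(c[i], c[i - 1]) for i in range(1, len(c)))


def key_from_known_plaintext(ciphertext: bytes, first_block: bytes) -> bytes:
    """One known first block (e.g. a file magic number) yields the key."""
    return xor(ciphertext[:BLOCK], first_block)


# Constructed sample data: two files encrypted under the same key.
KEY = bytes.fromhex("a1b2c3d4")
PT1 = b"%PDF-1.7 constructed sample file one"
PT2 = b"PK\x03\x04 constructed sample file two"
CT1, CT2 = encrypt(KEY, PT1), encrypt(KEY, PT2)

if __name__ == "__main__":
    print("tail without key :", recover_tail(CT1))
    print("key via known PT :", key_from_known_plaintext(CT1, b"%PDF").hex())
    # Key reuse: XOR of the first ciphertext blocks equals XOR of the plaintexts.
    print("C1[0]^C2[0]      :", xor(CT1[:BLOCK], CT2[:BLOCK]).hex())
```

Under these assumptions the key protects only the first block, and reusing it across files reduces that block to the many-time-pad case the answer names.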