Security of simple XOR cipher
A while ago I was toying around with XOR ciphers and stumbled on the following construction. I want to understand the security properties/implications of this idea, and thusly under what circumstances (if any) I might viably use it.
Encoding:
Let's say we want to encode a small integer like 1234567890. This encodes to four bytes of data, so all cipher operations will operate on 4 bytes.
Securely store a symmetric 4-byte key key.
Retrieve 4 random bytes, aka random, from /dev/urandom.
XOR random with data to get enc_data.
XOR random with key to get enc_key.
Concatenate enc_data and enc_key together to form the 8 byte encoded.
Decoding:
The encoder understands the input format. It splits encoded into enc_data and enc_key.
It derives random by XORing key with enc_key.
It derives data by XORing random with enc_data.
When I came up with this I was trying to non-authoritatively gate access to resources by an intermediary HTTP gateway - an environment looking for a lightweight, "best effort" solution that wasn't the end of the world if it was broken.
So I came up with the above, and for a moment was really proud that the intermediary could generate tiny little 8 byte opaque tokens when it allowed access.
But then I started to contemplate the 32-bit search space imposed by a merely 4-byte random nonce... and how the use of a CRNG would prove meaningful in practice... and got the eye-twitches :)
I primarily have two questions:
What wheel have I reinvented?
What are the security properties of this idea? How trivially compromisable is it?
Thanks!
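An added example (not part of the original post): the encode/decode steps above in Python, plus a check of what the two token halves reveal when XORed together, since random appears in both and cancels. Big-endian byte order, the function names and the sample key are assumptions made for this sketch.

```python
import os

def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))

def encode(value: int, key: bytes) -> bytes:
    """Build the 8-byte token: enc_data || enc_key, as in the post."""
    data = value.to_bytes(4, "big")      # byte order is an assumption
    rnd = os.urandom(4)                  # the 4-byte 'random' from the post
    return xor(rnd, data) + xor(rnd, key)

def decode(token: bytes, key: bytes) -> int:
    """Split the token, recover 'random' from enc_key, then recover data."""
    enc_data, enc_key = token[:4], token[4:]
    rnd = xor(key, enc_key)
    return int.from_bytes(xor(rnd, enc_data), "big")

def nonce_free_residue(token: bytes) -> bytes:
    """enc_data ^ enc_key = (random ^ data) ^ (random ^ key) = data ^ key.
    The result does not depend on 'random' at all."""
    return xor(token[:4], token[4:])

def key_from_known_pair(token: bytes, value: int) -> bytes:
    """If the value behind one token is known, the residue yields the key."""
    return xor(nonce_free_residue(token), value.to_bytes(4, "big"))

if __name__ == "__main__":
    key = bytes.fromhex("a1b2c3d4")      # constructed sample key
    t1 = encode(1234567890, key)
    t2 = encode(1234567890, key)
    print("tokens differ:     ", t1 != t2, t1.hex(), t2.hex())
    print("round trip:        ", decode(t1, key))
    print("residue is stable: ", nonce_free_residue(t1) == nonce_free_residue(t2))
    print("key from one pair: ", key_from_known_pair(t1, 1234567890).hex())
```

Because the residue is just data XOR key, the token carries the same information as a fixed-key XOR of the data with no nonce, and nothing in the format detects modification of either half.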