Is this algorithm viable? It's faster than AES256 up to 50KB


Alex Breadman

Aug 2, 2022, 7:32:03 PM
to golang-nuts
package mod

import (
	"testing"
)

func TestEncrypt(t *testing.T) {
	password := []byte("*RTFUGIHOD&TUGGIYKl")
	data := []byte("This encryption algorithm is faster than aes256 up to 40kb but how secure is it?")

	// "Encrypt": add the repeating password to the data, byte by byte.
	// Byte addition wraps around modulo 256.
	for x := range data {
		p := password[x%len(password)]
		data[x] = data[x] + p
	}
	println(string(data))

	// "Decrypt": subtract the same repeating password again.
	for x := range data {
		p := password[x%len(password)]
		data[x] = data[x] - p
	}
	println(string(data))
}

Surely it is only as strong as the password?

Thanks

Nathan Fisher

Aug 2, 2022, 8:47:45 PM
to Alex Breadman, golang-nuts
When looking at hashing algorithms there's a whole lot of factors to consider.

A few of the common considerations are:

1. performance.
2. cryptographic or not.
3. collision rate including avalanche effect and bit-size.

There are a bunch of other considerations, but those are some high-level concerns that will often come up when considering a hash function. In the case of AES256, it is a cryptographically secure algorithm, which often implies a tradeoff in performance. Depending on your needs, an alternative algorithm might be more appropriate, such as FNV (available in stdlib), murmur, CityHash, etc., that aren't cryptographically secure but provide generally good hashing properties in terms of collision rate and performance.

Cheers,
Nathan



Uli Kunitz

Aug 3, 2022, 6:21:56 AM
to golang-nuts
The algorithm would only be viable if you would use a different secret for every password. If the secret is reused, it can be broken with a single known-plaintext attack. The recommendation is always: don't do your own crypto. Use PBKDF2, SHA256-CRYPT or Argon2 for password verification.
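The secret-reuse weakness described in the last reply, as an added example that is not code from any poster in the thread: subtracting one known plaintext from its ciphertext yields the repeating password, which then decrypts every other message encrypted with it. The function names are hypothetical, the second message is constructed, and the known plaintext is assumed to be at least twice as long as the password.

```go
package main

import (
	"bytes"
	"fmt"
)

// encrypt is the scheme from the original post: add the repeating
// password to the data byte by byte (byte arithmetic wraps mod 256).
func encrypt(data, password []byte) []byte {
	out := make([]byte, len(data))
	for i := range data {
		out[i] = data[i] + password[i%len(password)]
	}
	return out
}

// decrypt reverses encrypt by subtracting the repeating password.
func decrypt(data, password []byte) []byte {
	out := make([]byte, len(data))
	for i := range data {
		out[i] = data[i] - password[i%len(password)]
	}
	return out
}

// recoverKey needs no guessing: ciphertext minus plaintext is the repeating
// keystream, and the shortest period of that stream is the password.
// Assumes the known plaintext is at least twice the password length.
func recoverKey(plain, ct []byte) []byte {
	stream := make([]byte, len(plain))
	for i := range plain {
		stream[i] = ct[i] - plain[i]
	}
	for n := 1; n < len(stream); n++ {
		if bytes.Equal(stream[n:], stream[:len(stream)-n]) {
			return stream[:n]
		}
	}
	return stream
}

func main() {
	password := []byte("*RTFUGIHOD&TUGGIYKl") // password from the post
	known := []byte("This encryption algorithm is faster than aes256 up to 40kb but how secure is it?")
	key := recoverKey(known, encrypt(known, password))
	second := encrypt([]byte("constructed second message"), password)
	fmt.Printf("recovered %q, second message: %q\n", key, decrypt(second, key))
}
```

Password length and character set do not change the outcome; only a secret that is never reused avoids it.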