KnownPlainTextVulnerability example minor fix

gioblu · gioblu · commit d232decc63c0 · 2018-01-22T22:33:39.000+01:00
diff --git a/examples/KnownPlainTextVulnerability/KnownPlainTextVulnerability.ino b/examples/KnownPlainTextVulnerability/KnownPlainTextVulnerability.ino
@@ -37,8 +37,7 @@ void setup() {
 void loop() {
   Serial.print("Salt: ");
   // Set a new salt
-  if(cape.salt != 127) cape.salt++;
-  else cape.salt = 0;
+  cape.salt++;
   Serial.print(cape.salt, DEC);
 
   Serial.print(" Encryption key: ");
@@ -52,7 +51,15 @@ void loop() {
   for(int i = 0; i < 10; i++)
     Serial.print((char)destination[i]);
 
-  Serial.print(" Brute force key: ");
+  /* Simulating known plain text attack with the following assumptions:
+     - Known plaintext
+     - Known ciphertext
+     - Known key length (can be obtained using brute force quickly)
+     - Known function used (hash/encrypt)
+     - Known reduced key (can be obtained using brute force quickly)
+     - Salt is obtained using brute force: */
+
+  Serial.print(" Calculate key: ");
   for(uint8_t i = 0; i < 10; i++)
     calculated_key[(i ^ cape.salt ^ reduced_key) % 10] =
       (destination[i] ^ source[i] ^ cape.salt ^ reduced_key ^  i);
@@ -61,6 +68,8 @@ void loop() {
     Serial.print((char)calculated_key[i]);
   Serial.println();
 
+  // More than one salt value generates the key originally used (bad)
+
   for(uint8_t i = 0; i < 10; i++) {
    if(calculated_key[i] != key[i]) break;
    if(i == 9) {
@@ -69,8 +78,8 @@ void loop() {
    }
   }
 
-
   // Erase buffer
+
   for(int i = 0; i < 10; i++) {
     source[i] = '0';
     destination[i] = 0;
