Easy encryption using bitwise “exclusive-OR” (XOR)

Disclaimer:
This basic guide is aimed at people who have at least a basic understanding of scripting or programming (JS, PHP, C(#/++), Java, Python, ….). If you’re not familiar with it this will probably be Chinese for you and you might wanna skip this.

Bitwise exclusive-OR aka XOR:
XOR is a bit like normal OR. OR compares 2 or more values and evaluates to true if one or more of those values evaluate to true. XOR on the other hand only evaluates to true if only one of those values evaluate to true.

Example:
Code:
if (0 OR 0) // false
if (0 OR 1) // true
if (1 OR 1) // true

if (0 XOR 0) // false
if (0 XOR 1) // true
if (1 XOR 1) // false

Pretty simple and straight forward. The bitwise version of this does the same but on a per bit level. So, a bitwise XOR operation on 2 bytes will compare the bits (1’s and 0’s) in those bytes. Where both bits are 0 or 1 the result will be 0, where only one bit is 1 the result will be 1.

Example, a bitwise XOR operation on 2 bytes:
Code:
11010001 (Decimal 209) <- source value
10101010 (Decimal 170) <- "key" value
XOR ----------------------
01111011 (Decimal 123) <- the result

This is handy for encryption because the same calculation or algorithm can be used to get the original value back (decryption):
Code:
01111011 (Decimal 123) <-- previous result value 10101010 (Decimal 170) <- same key value XOR ---------------------- 11010001 (Decimal 209) <- got the source value back

As you can see the idea is very simple and can be used to create basic means of encryption in 5 minutes. It isn't exactly strong encryption but unless some evil person knows how the data was encrypted he'd have a very hard time making sense of it. It could be encrypted with a heavy duty 256 bits strong algorithm for all he knows.

Not only is it simple and potentially fairly effective, it should also be fast. Very. Mainly because the Intel x86 instruction set includes a XOR CPU instruction.

Code:
; x = x ^ y in 8086 assembly.

mov ah, 0xD1 ; set ah register to 209.
mov al, 0xAA ; set al register to 170.
xor ah, al ; set ah to the result of (ah XOR al).

; the ah register now has 0x7B as value.
; ah and al are the higher and lower 8 bits part of the 16 bits ax register.

You don't need to understand the above x86 stuff. Just know that a bitwise XOR operation is usually very fast .

Using it your scripts or programs:

In most C-based languages (including PHP) the bitwise XOR operator is the "^" sign.
Code:
$result = 209 ^ 170; // PHP
result = 209 ^ 170 // Python
byte result = 209 ^ 170; // C#
let result = 209 ^^^ 170 // F# (^^^ is not a typo here, lol)

So, let's write a function that encrypts a file. F#:

Code:
open System
open System.IO

// The function
let EncryptOrDecrypt file key =
file
|> File.ReadAllBytes
|> Array.Parallel.map (fun b -> b ^^^ key)
|> fun bytes -> File.WriteAllBytes(file, bytes)
bytes

// Enc/decryption key and file
let theKey = byte 170
let theFile = "some_file.txt"

// Do the magic
let result = EncryptOrDecrypt theFile theKey

As you can see it doesn't require a lot of code at all. Putting a text file trough that function will result in something like this:

Using the same key doing the same thing again will decrypt it.
Same function in C#:

Code:
public byte[] EncryptOrDecrypt(string file, byte key)
{
byte[] bytes = File.ReadAllBytes(file);
for (int i = 0; i < bytes.Length; i++) bytes[i] = bytes[i] ^ key;
File.WriteAllBytes(file, bytes);

return bytes;
}

The idea will be the same for PHP, Python etc. And it doesn't have to be done on a file. For example you could use it on data stored in a database. Perhaps use it as an extra security layer on md5 hashes. It can be used for a lot of stuff. And considering the small amount of code and the performance there is no reason not to use it in places where you store sensitive data. In the case of desktop programs it could be used to secure in-memory data (perhaps passwords) or data in SQLite files.

So..:
I hope this was somehow useful for you, though I doubt there are many people here that will understand this (we don't have that many coders here). I did write this thing myself instead of copy/pasting from another resource and I'm not that good at explaining stuff so I hope it was somewhat understandable .

Feel free to ask questions .

Update:
A bit of a more practical C# example can be found here. If you use it in your code be sure to enable the Allow Unsafe Code option in the projects Build settings.

Credits : Hyperz