Don't click here unless you want to be banned.

LSL Wiki : llXorBase64StringsCorrect

HomePage :: PageIndex :: RecentChanges :: RecentlyCommented :: UserSettings :: You are
string llXorBase64StringsCorrect(string s1, string s2)

Performs an xor on two Base64 strings and returns a Base64 string. s2 repeats if it is shorter than s1.

This function is a replacement for the deprecated function llXorBase64Strings. See that page for a discussion of the changes between its implementation and that of this function.

This function is for encrypting data. Put your data in s1 and your key in s2 to encrypt or put the encrypted data into s1 with the same key in s2 to decrypt again.

While fine for most SL encryption purposes, Xor'ing a string with a password is considered a very weak encryption algorithm. Do not use this for anything that will cost you RL $ if compromised (such as an automated RL - SL currency exchanger). Also, consider carefully how much damage a malicious party might be able to wreak if your encryption is hacked.

This type of encryption is similar to something called a one time pad that is if s2 is the same length as s1, is generated randomly (not pseudo randomly), and s2 is used only once. When used in this way this function is provably unbreakable. However implementing this function in this way is difficult to say the least. However with a little ingenuity and some creative problem solving we might be able to create different variations of this with acceptable reductions in security with minimal resource requirements(execution time, memory). IE have a new key created for each message maybe based on some universally changing constant like the server timestamp.

As it turns out the quickest way to weaken xor type encryption is to use the key more than once, either by repeating a small key across a longer message or to use the same key on more than one message. It is only strong if the key is used only once. So this type of encryption when used with the same key over and over is supposedly rather trivial to break.

Use llStringToBase64 and llBase64ToString for converting to and from Base64 respectively.

The following is a PHP implementation of llXorBase64StringsCorrect(), useful for "unencrypting" data you've sent as an "encrypted" string to a web server via llHTTPRequest, llEmail or whatever future functions might be released :-)
// Code by SignpostMarv Martin, with thanks to Hewee Zetkin for bringing to light another case of "Marv's bugs always being typos"
// Trimmed and made more efficient (less superfluous base64_decode/encodes everywhere) by Haravikk
function llXorBase64StringsCorrect($s1$s2) {
$s1 base64_decode($s1); $l1 strlen($s1);
$s2 base64_decode($s2);
$l1 strlen($s2)) $s2 str_pad($s2$l1$s2STR_PAD_RIGHT);
base64_encode($s1 $s2);

Q: Why is only the first part of my encrypted message being decrypted correctly on the other end?
A: Check that you don't have two @ symbols (@@) anywhere in the string, for some reason this (and possibly others) break the decryption

This article wasn't helpful for you? Maybe the related article at the LSL Portal is able to bring enlightenment.

Functions | Crypto
Comments [Hide comments/form]
Attach a comment to this page: