XOR-ing strings in C#

Question

I recently started playing around with C#, and I'm trying to understand why the following code doesn't compile. On the line with the error comment, I get:

Cannot implicitly convert type 'int' to 'char'. An explicit conversion exits (are you missing a cast?)

I'm trying to do a simple XOR operation with two strings.

public string calcXor (string a, string b)
{
    char[] charAArray = a.ToCharArray();
    char[] charBArray = b.ToCharArray();
    char[] result = new char[6];
    int len = 0;

    // Set length to be the length of the shorter string
    if (a.Length > b.Length)
        len = b.Length - 1;
    else
        len = a.Length - 1;

    for (int i = 0; i < len; i++) {
        result[i] = charAArray[i] ^ charBArray[i]; // Error here
    }

    return new string (result);
}

If your string is ASCII, try this result[i] =(char)((short) charAArray[i] ^ (short)charBArray[i]); — ebattulga
– ebattulga, Commented Feb 20, 2013 at 3:37
Bitwise operators only take numbers as operands. Is your string a series of numeric digits? Or are you trying to do this operation based on the ASCII Values? — JohnFx
– JohnFx, Commented Feb 20, 2013 at 3:38
Thanks, i forgot that xor is bitwise operator so it takes 1 and 0 which is why its complaining about int conversion. — user1213042
– user1213042, Commented Feb 20, 2013 at 3:41
To clarify for future readers, a bitwise operator does NOT take 1 and 0. That would be a boolean operator, which only has two values. A bitwise operator acts on ALL the bits of two integers, resulting in an integer. As seen in the accepted answer. — ToolmakerSteve
– ToolmakerSteve, Commented Jun 3, 2015 at 19:06

Community · Accepted Answer · 2014-09-15 19:00:53Z

21

If you use XOR-ing to hide data, take a look at the code below. The key will be repeated as long as necessary. It is maybe a shorter/better approach:

public static string xorIt(string key, string input)
{
    StringBuilder sb = new StringBuilder();
    for(int i=0; i < input.Length; i++)
        sb.Append((char)(input[i] ^ key[(i % key.Length)]));
    String result = sb.ToString ();

    return result;
}

edited Sep 15, 2014 at 19:00

CommunityBot

11 silver badge

answered Oct 10, 2013 at 14:03

Ton Snoei

3,26528 silver badges27 bronze badges

Sign up to request clarification or add additional context in comments.

3 Comments

Samuel Allan Over a year ago

+1 for the code. But using any Stream Cipher without a proper PRG (Pseudo Random Generator) breaks the principle of semantic security. And I'm sorry to say this but in your code the PRG used is extremely far from random looking and is completely predictable. In fact this could be broken with a ciphertext only attack in a very short interval. So in short never EVER USE this kind of encryption unless you used it together with a secure PRP (Pseudo Random Permutation) or any other type of a reliable secure cipher.

Ton Snoei Over a year ago

I fully agree. If you want a secure solution use the tools and frameworks available. They will do the job in the right way for you with the mentioned PRG and all other nice bells and whistles.

ToolmakerSteve Over a year ago

IMHO, the point of XOR-ing strings isn't strong security, but rather a step in obfuscation - making it more work for someone reverse-engineering your code to understand what work your app is doing where. Specifically, they can't simply search your strings. They have to trace the logic, find the XOR method, and feed all the strings through that method, with appropriate keys.

ataravati · Accepted Answer · 2014-08-08 19:52:44Z

7

You are doing an xor on 2 characters. This will do an implicit type conversion to int for you since there is no data loss. However, converting back from int to char will need you to provide an explicit cast.

You need to explicitly convert your int to a char for result[i]:

result[i] = (char) (charAArray[i] ^ charBArray[i]);

edited Aug 8, 2014 at 19:52

ataravati

9,1759 gold badges60 silver badges94 bronze badges

answered Feb 20, 2013 at 3:44

allen

4,6571 gold badge25 silver badges33 bronze badges

Comments

Community · Accepted Answer · 2017-05-23 11:53:35Z

0

If the value of the result is important then Allan is correct (accepted answer). If you are just looking for a match and are not worried about performance, use strcmp() or memcmp() as an alternative.

In assembler is it common to initialize things by an XOR against themselves as the T-cycles are fewer. If I was brute-forcing (hash compare), then this would be an improvement over strcmp or memcmp as I really don't sort order, just match/nomatch.

Readers should also be aware of this which can be tweaked.

edited May 23, 2017 at 11:53

CommunityBot

11 silver badge

answered Nov 26, 2014 at 0:59

mckenzm

1,8682 gold badges14 silver badges21 bronze badges

2 Comments

ToolmakerSteve Over a year ago

IMHO, this answer is not relevant to this question, which says nothing about looking for a match.

mckenzm Over a year ago

I'll pay that. I read too much into the code. When xor-ing strings I would normally expect to pad the shorter string with leading x'00'. Progressing instead from the LHS led me to believe a match is being sought or a transformation is occurring to obscure data.

Collectives™ on Stack Overflow

XOR-ing strings in C#

3 Answers 3

3 Comments

Comments

2 Comments

Your Answer

Linked

Hot Network Questions

Collectives™ on Stack Overflow

3 Answers 3

3 Comments

Comments

2 Comments

Your Answer

Sign up or log in

Post as a guest

Linked

Related