
I need to generate a 16-byte key (outKey) among many devices that is unique to each, can be calculated by some but cannot be calculated by anyone. Each device has a unique 16-byte ID that can be seen publicly.

My implementation adds 2 more 16-byte keys (skey1 and skey2) that will be the same for all devices but will be kept secret.

What I'm doing is taking the exclusive binary OR (XOR) between the ID and skey1. Then I take the result and do another XOR between this and skey2. The output will be outKey.

Somebody that knows skey1 and skey2, plus the ID that is visible, can calculate the outKey but if they don't know skey1 and skey2 they can't, at least that is my thinking.

I know that with enough devices and brute force someone could crack it, but realistically speaking, let's say they can get the ID and outKey of 1,000 devices, would this be enough to feasibly calculate skey1 and skey2 or some derivative to allow other outKeys to be calculated or is this pretty secure?

I'm a noob when it comes to math so I apologize if this question is silly or poorly worded :)

Jack0220
  • Note that XORing with skey1 and skey2 is the same as XORing once with a single number (skey1 XOR skey2), in other words adding skey2 doesn't add any security. – Sep 30 '21 at 13:01
  • Really @StinkingBishop ?! That means I'm completely wrong. If this is true post it as an answer so you can get credit. – Jack0220 Sep 30 '21 at 14:28
  • @Moo good point actually, I'm just not going to worry about that one :) – Jack0220 Sep 30 '21 at 14:30
  • In another implementation I put the same stuff in the input and take the MD5 hash as the outKey. I thought by using 2x XORs that it can't be reversed (like MD5). – Jack0220 Sep 30 '21 at 14:32
  • @StinkingBishop you are totally right, I just tried it. I'm a failure! – Jack0220 Sep 30 '21 at 14:50
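
As an added illustration (not code from the question or the comments), the Python sketch below audits the scheme described in the question: ID XOR outKey comes out as the same value, skey1 XOR skey2, for all 1,000 devices, so the two secrets act as one fixed mask that every public pair exposes. For contrast it runs the same audit on an assumed alternative, HMAC-SHA256 under one secret truncated to 16 bytes; the key values, device IDs and function names are constructed for the example.

```python
import hashlib
import hmac

KEY_LEN = 16

# Constructed sample values, not taken from the page.
SKEY1 = bytes.fromhex("00112233445566778899aabbccddeeff")
SKEY2 = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")
MASTER = bytes(range(32))  # secret for the assumed HMAC alternative
IDS = [n.to_bytes(KEY_LEN, "big") for n in range(1000)]  # public device IDs


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("inputs must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def xor_scheme(device_id: bytes, skey1: bytes, skey2: bytes) -> bytes:
    """Scheme from the question: outKey = (ID XOR skey1) XOR skey2."""
    return xor_bytes(xor_bytes(device_id, skey1), skey2)


def hmac_scheme(device_id: bytes, master: bytes) -> bytes:
    """Assumed alternative: first 16 bytes of HMAC-SHA256(master, ID)."""
    return hmac.new(master, device_id, hashlib.sha256).digest()[:KEY_LEN]


def combined_mask(device_id: bytes, out_key: bytes) -> bytes:
    """ID XOR outKey, computed only from the two values an observer sees."""
    return xor_bytes(device_id, out_key)


def audit():
    """Count distinct ID XOR outKey values across all devices per scheme."""
    xor_masks = {combined_mask(i, xor_scheme(i, SKEY1, SKEY2)) for i in IDS}
    hmac_masks = {combined_mask(i, hmac_scheme(i, MASTER)) for i in IDS}
    # One distinct mask means the derivation is a fixed, public-pair-exposed
    # constant; 1000 distinct masks means no such constant exists.
    collapses = xor_masks == {xor_bytes(SKEY1, SKEY2)}
    return collapses, len(xor_masks), len(hmac_masks)


if __name__ == "__main__":
    print(audit())
```
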
