Ask HN: Is it enough to use XOR encryption for my journal app?
I don't want my employees or myself to see the user's data in the backend. Considering it's just a journal app, is it enough to use XOR encryption in the client, or do I need to use something else?
5 comments
[ 2.5 ms ] story [ 22.6 ms ] threadJust because I'm in a pedantic mood, you can technically have very strong encryption using XOR, but it's not at all practical because you need to XOR your data with a truly random series of values that is as long as the data itself. If that series isn't actually and truly random, then the scheme becomes breakable. That random series of values is both the encryption and decryption key. It's equivalent to using a one-time pad, with all the advantages and disadvantages that brings.
It's not usually practical because you have to store or transmit that key in some way, and if that way isn't itself totally secure then your scheme is not secure. If you can store or transmit that key securely, then you can also (in the vast majority of cases) store or transmit the data you want to encrypt securely, so you haven't gained anything.
This is a real case of "just use a crypto library and be done with it."