
[Vulnerability] Repeating patterns in encrypted files

Open TypicalHog opened this issue 7 years ago • 1 comments

When the file is split into 256-byte blocks, an attacker can identify the blocks or parts of blocks that contain the same data (but not the data itself). Every individual byte with the same value and the same relative position in the block will always encrypt to the same output value. The attacker will encounter false positives, but this could still be very helpful to them.

Example with 4-byte blocks:

AAAAABCDGFGAAAAA -> FABDFCCEABADFABD (it might look random at first glance, but it's not)

Input:  [(A)AA(A)] (A)BCD GFG(A) [AAAA]
Output: [(F)AB(D)] (F)CCE ABB(D) [FABD]

This will be fixed in a future release.

TypicalHog, Jun 09 '18 16:06

This can be fixed by chaining the blocks together or by encrypting the key with itself after each 256-byte chunk of plaintext.

TypicalHog, Jun 18 '18 15:06
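The leak reported in this issue and the key-update fix proposed in the comment, as an added Python example that is not THCrypt's code. A static per-position XOR pad stands in for the flawed scheme (THCrypt's real transform is not shown on this page, and this stand-in produces no false positives), a hash ratchet stands in for "encrypting the key with itself", and all function names and the key are constructed for illustration.

```python
import hashlib

BLOCK = 4  # block size of the issue's worked example; the issue says THCrypt uses 256

def _pad(key: bytes, n: int) -> bytes:
    """Stretch key material into n pad bytes (SHAKE-256)."""
    return hashlib.shake_256(key).digest(n)

def encrypt_static(key: bytes, data: bytes, block: int = BLOCK) -> bytes:
    """Stand-in for the flawed scheme: byte i always meets pad[i % block]."""
    pad = _pad(key, block)
    return bytes(b ^ pad[i % block] for i, b in enumerate(data))

def encrypt_ratcheted(key: bytes, data: bytes, block: int = BLOCK) -> bytes:
    """Stand-in for the proposed fix: the key is replaced by a hash of itself
    after every block, so each block gets a different pad. XOR makes this its
    own inverse. No nonce is used, so one key must never cover two files."""
    out = bytearray()
    for off in range(0, len(data), block):
        pad = _pad(b"pad" + key, block)
        out += bytes(b ^ p for b, p in zip(data[off:off + block], pad))
        key = hashlib.sha256(b"next" + key).digest()
    return bytes(out)

def aligned_repeats(data: bytes, block: int = BLOCK) -> set:
    """Index pairs (i, j) at the same in-block offset holding equal bytes.
    Computed on ciphertext, this is what an observer learns without the key."""
    return {(i, j) for i in range(len(data))
            for j in range(i + block, len(data), block) if data[i] == data[j]}

if __name__ == "__main__":
    key = b"constructed demo key"      # constructed sample key
    pt = b"AAAAABCDGFGAAAAA"           # plaintext from the issue's example
    for name, enc in (("static", encrypt_static), ("ratcheted", encrypt_ratcheted)):
        ct = enc(key, pt)
        leaked = aligned_repeats(ct) & aligned_repeats(pt)
        print(f"{name:9} {ct.hex()}  true repeats visible: {len(leaked)}/8")
```

Running `aligned_repeats` over real output with the tool's block size is a quick regression check that a fix actually removed the position-aligned repeats.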