Closed
Description
Contrary to the readme.md, this scheme is not safe and not unbreakable.
- Applying a Base64 encoding before applying the Vigenère cipher still leaves the scheme vulnerable to attacks on the Vigenère cipher, as Base64 carries patterns into the encoded text. For example, if you encode the array [0, 0, 0, ...., 0] you'll get "AAAAA ... AAAA". While it's probable that it's harder to leverage typical patterns used in human languages, I'm still reasonably confident that one would still be able to find an attack.
- You suggest using a key that's longer than the message. This would in fact defeat all traditional attacks on the Vigenère cipher, as it turns into a One-Time-Pad which CAN be optimally secure, under the conditions that each key is uniformly random AND each key is only used once. As the key is provided by the user, it's safe to assume that neither one is met, thus making it insecure.
- It is not secure under the known-plaintext threat model. Let's assume that Alice uses your encryption scheme and sends the message "Send 10 Dollars to Bob" to her bank, but Eve intercepts it. Luckily for Eve, she also knows that Alice was about to send 10 Dollars to Bob, so she can guess the plaintext. Now she can Base64-encode "Send 10 Dollars to Bob" and take the difference to the ciphertext, and she now knows the key. She can even encrypt "Send 99 Dollars to Eve" using Alice's key, which obviously is not wanted.
So how does one fix this?
Firstly, one should notify everyone using this that this encryption is in fact not secure. Secondly, one should use a widely adopted implementation of a widely adopted and well-researched cipher like AES-GCM.
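The known-plaintext weakness from the third point, as an added example that is not part of the original issue and is not the project's code. It assumes the scheme is Vigenère addition modulo 64 over the standard Base64 alphabet with `=` padding left untouched; the key and all function names are constructed for illustration.

```python
import base64

# Assumed construction (not taken from the project): Vigenere addition
# modulo 64 over the standard Base64 alphabet; '=' padding passes through.
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
INDEX = {ch: i for i, ch in enumerate(ALPHABET)}


def _shift(text, key, sign):
    out = []
    for i, ch in enumerate(text):
        if ch == "=":
            out.append(ch)
            continue
        k = INDEX[key[i % len(key)]]
        out.append(ALPHABET[(INDEX[ch] + sign * k) % 64])
    return "".join(out)


def encrypt(plaintext, key):
    return _shift(base64.b64encode(plaintext.encode()).decode(), key, +1)


def decrypt(ciphertext, key):
    return base64.b64decode(_shift(ciphertext, key, -1)).decode()


def recover_keystream(known_plaintext, ciphertext):
    """Ciphertext minus Base64(known plaintext) yields the key material used."""
    encoded = base64.b64encode(known_plaintext.encode()).decode()
    return "".join(ALPHABET[(INDEX[c] - INDEX[e]) % 64]
                   for c, e in zip(ciphertext, encoded) if c != "=")


def forge(known_plaintext, ciphertext, new_message):
    """Encrypt a message of at most the same encoded length without the key."""
    return encrypt(new_message, recover_keystream(known_plaintext, ciphertext))


# Constructed sample values; the key is longer than the encoded message.
ALICE_KEY = "CorrectHorseBatteryStapleCorrectHorse2024"
INTERCEPTED = encrypt("Send 10 Dollars to Bob", ALICE_KEY)
FORGED = forge("Send 10 Dollars to Bob", INTERCEPTED, "Send 99 Dollars to Eve")

if __name__ == "__main__":
    print(decrypt(FORGED, ALICE_KEY))  # the receiver accepts the altered message
```

Nothing in the receiver's `decrypt` can tell the forged ciphertext from a genuine one, because the scheme carries no integrity check. An authenticated mode such as the AES-GCM recommended above rejects a modified or forged ciphertext when the tag fails to verify.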