XOR Cipher

Encode text using XOR cipher with a numeric key and view hex output

What is it and how does it work?

The XOR cipher applies the bitwise XOR (exclusive OR) operation between each byte of the plaintext and a key byte (or key stream). XOR has a perfect symmetric property: A ⊕ K = C (encrypt), and C ⊕ K = A (decrypt) — the same operation with the same key decrypts the ciphertext. With a single-byte key, XOR cipher is a trivially breakable substitution cipher. With a multi-byte repeating key, it becomes a polyalphabetic cipher equivalent to Vigenère cipher (breakable by Kasiski examination). With a truly random key as long as the message used only once, it becomes the theoretically unbreakable One-Time Pad.

XOR is fundamental to modern cryptography — every symmetric block cipher (AES, ChaCha20, Salsa20) uses XOR operations at their core. Stream ciphers like ChaCha20 generate a pseudorandom keystream and XOR it with plaintext, exactly like XOR cipher but with a cryptographically secure keystream. This tool demonstrates XOR encryption with configurable key (single byte, hex key, or text key), shows the byte-level XOR operations, and computes XOR of two hex strings.

Common use cases

• Byte-level debugging: XOR two values to check bit flags — `0b10110011 ⊕ 0b00001111 = 0b10111100` to mask/unmask specific bits without affecting others.
• Simple obfuscation: XOR encode configuration values or strings in source code with a single-byte key to prevent casual reading — not secure, but deters copy-pasting.
• Checksum computation: XOR all bytes of a data frame to compute a simple parity checksum — `data.reduce((xor, byte) => xor ^ byte, 0)` in JavaScript gives a 1-byte checksum.

Frequently asked questions

What is XOR and how does it work?

XOR (exclusive OR) is a bitwise operation: output is 1 if and only if exactly one input is 1. Truth table: 0⊕0=0, 0⊕1=1, 1⊕0=1, 1⊕1=0. Key properties: A⊕0=A (XOR with 0 is identity), A⊕A=0 (XOR with itself is zero), A⊕B⊕B=A (XOR is its own inverse). These properties make XOR invaluable in cryptography: if C=P⊕K, then P=C⊕K — the same key undoes the operation.

Why is single-byte XOR cipher trivially breakable?

With a single-byte key (256 possible values), brute force is instantaneous — try all 256 keys and check which produces readable English. More elegantly: frequency analysis works because XOR with a constant key is just a character substitution — the most frequent byte in the ciphertext corresponds to the space character (0x20) or 'e' (0x65) in English. XOR the most frequent ciphertext byte with 0x20 and 0x65 to get candidate keys.

What is the XOR swap algorithm?

XOR can swap two variables without a temporary: `a ^= b; b ^= a; a ^= b;`. Proof: after step 1, a = a⊕b; after step 2, b = (a⊕b)⊕b = a; after step 3, a = (a⊕b)⊕a = b. This works because XOR is commutative and associative, and A⊕A=0. Note: the XOR swap fails if a and b are the same variable (same memory address) — it zeroes the variable. Modern compilers generate equally fast code with a temp variable, so XOR swap is mostly a curiosity.

How does XOR relate to One-Time Pad and modern ciphers?

The One-Time Pad (OTP) is XOR cipher with a key that is: (1) truly random, (2) as long as the plaintext, (3) never reused. Shannon proved OTP is perfectly secret (information-theoretically unbreakable). AES-CTR mode and ChaCha20 are essentially "computational OTPs" — they generate a pseudorandom keystream using a block cipher or PRF, then XOR it with plaintext. The security reduces to the security of the keystream generator, not the XOR itself.

Security

Password Strength Checker · ROT13 Cipher · Base32 Encoder / Decoder · Hex Encoder / Decoder · Caesar Cipher · Vigenère Cipher