← All tools
// Security

XOR Encryptor online

Encrypt and decrypt text using XOR cipher with any key

XOR Encryptor logo
by
CHUNKY
MUNSTER
// Input
// Output

How to Use xor-encryptor

  1. Enter the plaintext (or ciphertext) in the input field.
  2. Enter the key — any text or hex string.
  3. Click Encrypt/Decrypt: XOR is its own inverse, so the same operation encrypts and decrypts.
  4. Choose output format: hex or Base64.

XOR (exclusive OR) is the foundation of symmetric encryption: XOR a byte with a key byte, and XOR the result with the same key byte to recover the original. With a truly random key of equal or greater length used only once, this is the one-time pad — provably unbreakable. With a short repeating key, XOR is trivially broken by frequency analysis. This tool implements repeating-key XOR for educational use and CTF challenge solving.

XOR Cipher Security

A single-byte XOR key (key length 1) can be broken in 256 tries. A multi-byte key can be attacked by determining the key length (coincidence index) and then applying frequency analysis to each byte position independently. XOR with a properly generated, non-repeating random key of the same length as the message is the one-time pad — Shannon-theoretically secure. In practice, key distribution makes OTP impractical for most applications — AES in a secure mode is the appropriate alternative.

Frequently Asked Questions

Why is XOR its own inverse?

A XOR B = C. C XOR B = A. Because XOR flips bits controlled by the key: if the key bit is 1, the bit flips; flip it again with the same key and it returns to the original. This makes XOR symmetric — encryption and decryption are identical operations.

Is XOR encryption safe to use?

Only if the key is truly random and at least as long as the message, used once, and kept secret — that's the one-time pad. Repeating-key XOR is easily broken. For production use, use AES-256-GCM.

How is XOR used inside AES?

AES uses AddRoundKey, which XORs the current block with the round key — XOR as a combining step within a larger, much more complex cipher. XOR's speed (one CPU instruction) makes it ideal as a lightweight mixing operation inside complex ciphers.

What is the CTF "single-byte XOR challenge"?

A common CTF challenge presents ciphertext encrypted with a single unknown byte XORed with each character. Since there are only 256 possible key bytes, try all 256 and score each result's English letter frequency. The key that produces the most English-like plaintext is correct.

See also the AES Cipher, Vigenère Cipher, and the Caesar Cipher.