Just because I'm in a pedantic mood, you can technically have very strong encryption using XOR, but it's not at all practical because you need to XOR your data with a truly random series of values that is as long as the data itself. If that series isn't actually and truly random, then the scheme becomes breakable. That random series of values is both the encryption and decryption key. It's equivalent to using a one-time pad, with all the advantages and disadvantages that brings.
It's not usually practical because you have to store or transmit that key in some way, and if that way isn't itself totally secure then your scheme is not secure. If you can store or transmit that key securely, then you can also (in the vast majority of cases) store or transmit the data you want to encrypt securely, so you haven't gained anything.
This is a real case of "just use a crypto library and be done with it."
> Is asking the user to set and remember an encryption string the correct way?
That wouldn't be remotely sufficient for two reasons:
1) The user-supplied string will not to be random.
2) You need a constant series of random values that is as long as the data you're wanting to encrypt. If the user is securing a 2k long ASCII text, then you need 2k new random numbers for it.
sgt•1mo ago