I need to generate a 16-byte key (outKey) among many devices that is unique to each, can be calculated by some but cannot be calculated by anyone. Each device has a unique 16-byte ID that can be seen publicly.
My implementation adds 2 more 16-byte keys (skey1 and skey2) that will be the same for all devices but will be kept secret.
What I'm doing is taking the exclusive binary OR (XOR) between the ID and skey1. Then I take the result and do another XOR between this and skey2. The output will be outKey.
Somebody that knows skey1 and skey2, plus the ID that is visible, can calculate the outKey but if they don't know skey1 and skey2 they can't, at least that is my thinking.
I know that with enough devices and brute force someone could crack it, but realistically speaking, let's say they can get the ID and outKey of 1,000 devices, would this be enough to feasibly calculate skey1 and skey2 or some derivative to allow other outKeys to be calculated or is this pretty secure?
I'm a noob when it comes to math so I apologize if this question is silly or poorly worded :)