Re: Encryption in Perl?
by edan (Curate) on Jul 19, 2004 at 14:05 UTC
|
| [reply] |
Re: Encryption in Perl?
by gellyfish (Monsignor) on Jul 19, 2004 at 14:06 UTC
|
| [reply] |
Re: Encryption in Perl?
by xorl (Deacon) on Jul 19, 2004 at 14:09 UTC
|
| [reply] |
|
AFAICT, this is the "encryption" loop from My::Crypt:
for ($j = 0; $j < length($a); $j++) {
substr($a, $j, 1) += substr($b, $i, 1);
substr($a, $j, 1) = 0 if substr($a, $j, 1) == 2;
$i = 0 if ++$i > length($priv);
}
In other words, it's a completely naive implementation of simple XOR. Avoid at all costs. | [reply] [d/l] |
|
| [reply] |
Re: Encryption in Perl?
by wufnik (Friar) on Jul 19, 2004 at 15:21 UTC
|
| [reply] [d/l] |
Re: Encryption in Perl?
by crep (Novice) on Jul 19, 2004 at 14:51 UTC
|
I wrote (with the help of these nice perl monks) a script the other day to encrypt a file using blowfish. Blowfish is accepted around the world, but only slightly less than PGP.
Encryption can be acceived using the crypt::cbc module. It allows you to use all sorts of different types. Search it on google, i think the first or second site shows use and example code. :)
-Jack C
jack@crepinc.com | [reply] |
|
Of course since blowfish is a symetric algorithm you'd need to arrange a secure channel for exchanging keys (say by using a public key algorithm like El Gamal or RSA). And you'd have to come up with a message format. Then to avoid tampering you'd want a MAC. And . . . and . . . and . . . . At which time you'd have probably reimplemented something resembling PGP.
Just remember, doing crypto correctly is hard even for people that know what they're doing. Going with something standard that's been gone over by many eyeballs is more than likely going to be more secure than rolling your own.
| [reply] |
|
Blowfish is an excellent choice. However, if you are looking for something widely accepted, you should look at
Rijndael, the new AES (Advanced encryption standard).
http://search.cpan.org/~dido/Crypt-Rijndael-0.05/Rijndael.pm
-DBC
| [reply] |
Re: Encryption in Perl?
by december (Pilgrim) on Aug 03, 2004 at 04:17 UTC
|
If you don't mind to install a lot of perl modules, you could use Crypt::OpenPGP. I've been using it for a while, and it works quite well. You can find PGP software for pretty much any platform, so you could code/decode the files anywhere, even without Perl installed.
If installing the dependencies is too much work for you, most crypto modules for popular ciphers are safe and pretty 'standard' - try Crypt::Blowfish or Crypt::Rijndael, for instance. The former has shown it's use and security, the latter has been chosen as standard cypher for encryption of official data by e.g. the American government.
| [reply] |
Re: Encryption in Perl?
by Wassercrats (Initiate) on Jul 20, 2004 at 05:27 UTC
|
When looking for a cypher module, I'd choose one of the final five AES candidates (MARS, RC6, Rijndael, Serpent and Twofish). I'm basing my choice of password manager on that list, with preference to the winner (Rijndael).
I gathered some information here, on seven password managers for Windows, that I might turn into a review. Anyone who knows (or doesn't) about this stuff, feel free to comment. | [reply] |