Beefy Boxes and Bandwidth Generously Provided by pair Networks
Problems? Is your data what you think it is?
 
PerlMonks  

Encryption in Perl?

by Gorby (Monk)
on Jul 19, 2004 at 14:02 UTC ( [id://375551]=perlquestion: print w/replies, xml ) Need Help??

Gorby has asked for the wisdom of the Perl Monks concerning the following question:

Hello Wise Monks,

I'd like to know whether there is a function or a module that I can use to encrypt and decrypt plain text. Could there be a module that does this using an internationally accepted standard?

Thanks in advance for your help.

Gorby

Replies are listed 'Best First'.
Re: Encryption in Perl?
by edan (Curate) on Jul 19, 2004 at 14:05 UTC
[reply]
Re: Encryption in Perl?
by gellyfish (Monsignor) on Jul 19, 2004 at 14:06 UTC

    I think if you were to look here you should be able to find something that suits your purposes.

    /J\

[reply]
Re: Encryption in Perl?
by xorl (Deacon) on Jul 19, 2004 at 14:09 UTC
[reply]
      AFAICT, this is the "encryption" loop from My::Crypt: 
      for ($j = 0; $j < length($a); $j++) {
    substr($a, $j, 1) += substr($b, $i, 1);
    substr($a, $j, 1) = 0 if substr($a, $j, 1) == 2;
    $i = 0 if ++$i > length($priv);
}

      [download]
      In other words, it's a completely naive implementation of simple XOR. Avoid at all costs.
[reply]
[d/l]
        On the other hand the one-time pad, which is a Vignère ('simple XOR') variant with key length equal to or greater than the plain text length, is the only possible encryption algorithm with perfect secrecy, as was proven by Shannon.
        Most other applications of the Vignère cipher (I just hesitate to say 'all') are quite easy to break, which everyone who ever attempted to break it will have found out.
        The point is that "encryption/decryption" is not enough information to decide which algorithm to use. Even ROT13 can be permissible when the issue is not reasonable secrecy but the fear of revealing data to someone who does not want to know it.
        And here we are. My advice to the OP: Unless you only meant to find modules and already read a couple of books on cryptology and cryptanalysis, better do it now. It is not neccessary, but in my eyes it'll help you understand your problem better. References: Gaines, Schneier, etc., pp.
        Hope this helped.
        CombatSquirrel.
        Entropy is the tendency of everything going to hell.
[reply]
Re: Encryption in Perl?
by wufnik (Friar) on Jul 19, 2004 at 15:21 UTC
    well, it's not an internationally accepted standard, but it's interesting, and reasonably secure. the following presented as an almost useable curiosity, rather than a bullet proof cryptofactory:

    as described in cryptonomicon, by neal stephenson, here is ian goldberg's solitaire encryption in perl, with comments to help out.
    Read more... (7 kB)
    ...wufnik

    -- in the world of the mules there are no rules --
[reply]
[d/l]
Re: Encryption in Perl?
by crep (Novice) on Jul 19, 2004 at 14:51 UTC
    I wrote (with the help of these nice perl monks) a script the other day to encrypt a file using blowfish. Blowfish is accepted around the world, but only slightly less than PGP. Encryption can be acceived using the crypt::cbc module. It allows you to use all sorts of different types. Search it on google, i think the first or second site shows use and example code. :) -Jack C jack@crepinc.com
[reply]

      Of course since blowfish is a symetric algorithm you'd need to arrange a secure channel for exchanging keys (say by using a public key algorithm like El Gamal or RSA). And you'd have to come up with a message format. Then to avoid tampering you'd want a MAC. And . . . and . . . and . . . . At which time you'd have probably reimplemented something resembling PGP.

      Just remember, doing crypto correctly is hard even for people that know what they're doing. Going with something standard that's been gone over by many eyeballs is more than likely going to be more secure than rolling your own.

[reply]

      Blowfish is an excellent choice. However, if you are
      looking for something widely accepted, you should look at
      Rijndael, the new AES (Advanced encryption standard).
      http://search.cpan.org/~dido/Crypt-Rijndael-0.05/Rijndael.pm

      -DBC
[reply]
Re: Encryption in Perl?
by december (Pilgrim) on Aug 03, 2004 at 04:17 UTC

    If you don't mind to install a lot of perl modules, you could use Crypt::OpenPGP. I've been using it for a while, and it works quite well. You can find PGP software for pretty much any platform, so you could code/decode the files anywhere, even without Perl installed.

    If installing the dependencies is too much work for you, most crypto modules for popular ciphers are safe and pretty 'standard' - try Crypt::Blowfish or Crypt::Rijndael, for instance. The former has shown it's use and security, the latter has been chosen as standard cypher for encryption of official data by e.g. the American government.

[reply]
Re: Encryption in Perl?
by Wassercrats (Initiate) on Jul 20, 2004 at 05:27 UTC
    When looking for a cypher module, I'd choose one of the final five AES candidates (MARS, RC6, Rijndael, Serpent and Twofish). I'm basing my choice of password manager on that list, with preference to the winner (Rijndael).

    I gathered some information here, on seven password managers for Windows, that I might turn into a review. Anyone who knows (or doesn't) about this stuff, feel free to comment.

[reply]

Back to Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: perlquestion [id://375551]
Approved by edan
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others perusing the Monastery: (7)
As of 2024-04-24 01:49 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found