Re: Encryption using perl core functions only


Your skill will accomplish what the force of many cannot
	PerlMonks

Re: Encryption using perl core functions only

by moritz (Cardinal)

on Nov 26, 2007 at 19:32 UTC ( [id://653064]=note: print w/replies, xml )

Need Help??

in reply to Encryption using perl core functions only

Just some random thoughts on cryptography and perl:

Implementing cryptographic functions is hard and error prone - don't roll your own.
Even if you use an existing, tested implementation of your favorite cypher - your setup might still be vulnerable (poor key setup, too few key changes, missing authentication, possible man-in-the-middle attacs, ...)
Inventing new algorithms is even harder - don't do it, unless you are really into cryptography. Even if you're good at it, don't used it unless it has gone through peer review.
Blowfish is designed to have a slow key setup, so that it's hard to do brute force key guessing. If you need fast key setup, use something else.
crypt is intended to be a hash function, not a cypher (although the name suggests differently).

Comment on Re: Encryption using perl core functions only

Replies are listed 'Best First'.

Re^2: Encryption using perl core functions only
by goibhniu (Hermit) on Nov 26, 2007 at 21:39 UTC

I agree entirely and personally think that the less we know about the OP context, the less we should condone "security by obscurity". ++ to Moritz and Corion and Perrin and those advocating already written, already tested algorithms and modules.

As to the idea that keeping your algorithm secret is as good as keeping your key secret, the Snake Oil FAQ from comp.security has a section to address this directly, and the folks at the American Cryptogram Association considers it great fun to crack ciphers of an unknown algorithm.

I humbly seek wisdom.

[reply]

In Section Seekers of Perl Wisdom