Beefy Boxes and Bandwidth Generously Provided by pair Networks
"be consistent"
 
PerlMonks  

Cryptography

by vroom (His Eminence)
on May 26, 2000 at 01:34 UTC ( [id://14880]=sourcecodesection: print w/replies, xml ) Need Help??
An Useless Cipher
on Jul 26, 2009 at 13:47 UTC
by Oromis92
bah... something stupid, just for exercise.
Yet Another Cryptogram Script
on Mar 20, 2009 at 09:49 UTC
by missingthepoint
Yes, another one.
Blowfish based password hashing
on Dec 21, 2008 at 20:59 UTC
by zentara
Many linux/unix distibutions are moving up to a variation of blowfish to hash passwords. See blowfish password hashing for more details.

The Crypt-Eksblowfish module gives Perl users the access to this, but the module has many parts and is not crystal clear on usage. This is just a clarified version of one of the modules test scripts, to show how you can use it.

ARC4
on Nov 29, 2008 at 12:04 UTC
by Oromis92
this is a very simple code to encode a file or a string by ARC4. I don't use modules. I'm a relatively perl newbie... so the code isn't perfect
A better rand() for Win32
on Jul 30, 2007 at 18:08 UTC
by bitshiftleft
With better random number generators in the unix environments (/dev/random). I was looking for something like it on Win32, and there is. My motive is that I think some games that base there learning on neural nets may be learning on the poor periodic rand() type of random number generation. This means that the Neural Net may be learning the next roll of the dice rather than the game strategy itself. The Perl rand() repeats every 32000 times. Cryptographically generated random numbers gather entropy to seed there generators.
Crypt::Random::ISAAC - secure random number generator
on Jun 10, 2005 at 20:25 UTC
by radiantmatrix

Update 2005-07.Jul-12: Version 0.92 ; new method for seed generation as a result of code feedback from PerlMonks. Thank you!


NAME

Crypt::Random::ISAAC - ISAAC Crypto-secure PRNG, using address allocation as seed.


SYNOPSIS

This is a drop-in replacement for Perl's rand(), but nothing is exported by default.

        use Crypt::Random::ISAAC 'rand';
        print rand();
        
        ## OR ##
        
        use Crypt::Random::ISAAC;
        print Crypt::Random::ISAAC::rand();
        
        ## OR ##
        
        use Crypt::Random::ISAAC qw'rand randinit';
        @Crypt::ISAAC::randrsl = @seed0..255;
        randinit(1); ## inits using seed value;
        print rand();

This can be used with other modules like Crypt::RandPasswd in the following manner:

        use Crypt::Random::ISAAC;
        use Crypt::RandPasswd;
        *Crypt::RandPasswd::rng = \&Crypt::Random::ISAAC::rand;

since our rand function has the same interface.


DESCRIPTION

A CSPRNG using natural timing (specific to exact CPU and load when run) as a seed, conforming to the ISAAC spec (considered Cryptograpically Secure). Core PRNG uses code originally (c)Bob Jenkins, 1996 and ported to Perl by John L. Allen, 2000. See http://burtleburtle.net/bob/rand/isaacafa.html for the original C code and the Perl translation.

Initialization is peformed during module load, but can be repeated.


CAVEATS

Seed not tested
Although the ISAAC algorithm has been well-tested for security, the method for choosing the random seed that is employed by this module has not. The seed is chosen by allocating memory for references, assigning the lower 32 bits of the address to each seed slot. The results are mixed somewhat before use, and care is taken to ensure that a contiguous block of addresses are not used.

If this is not secure enough, the @randrsl array can be populated with seed values from a more entropic source (like /dev/random on *NIX). If this is done, you must call the randinit function to re-seed the generator. For example:

        if (-f '/dev/random') {
                open RAND, '<', '/dev/random' or die('No read on random device');
                for (0..255) { 
                        my $bytes;
                        read(RAND,$bytes,2);
                        $bytes = (ord(substr($bytes,0,1))<<16) + (ord(substr($bytes,1,1)));
                        $Crypt::Random::ISAAC::randrsl$_ = $bytes;
                }
                close RAND;
        }

But then, if you have /dev/random, you probably don't need this module!

Rand function wrapper insufficiently tested
The replacement rand() relies on isaac() for its randomness. Some numerical conversion is done. While I don't believe this conversion has any effect on randomness, it has not been robustly tested. The author welcomes feedback on this function.


HISTORY

Version 0.9
Released on PerlMonks http://www.perlmonks.com - original version.

Version 0.91
Not released, testing version

Version 0.92
Released on PerlMonks http://www.perlmonks.com - new random-seeder method; uses the lowest 32 bits of a series of addresses belonging to references. This should be hard to reproduce or guess.


AUTHOR

Darren Meyer <darren.meyer@gmail.com>, making heavy use of others' code.


COPYRIGHT

Original ISAAC code (c)1996 Bob Jenkins under a ``code is free and may be used as you wish'' license.

Perl port (c)2000 John L. Allen under the same license as the original ISAAC code.

This module is available under the terms of the MIT License, though the code by the above authors is unencumbered.:

Copyright (c)2005 Darren Meyer

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the ``Software''), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED ``AS IS'', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Decrypt and encrypt CVS password in .cvspass
on May 17, 2005 at 12:15 UTC
by bsdz
This script descrambles CVS passwords normally found in your ~/.cvspass file. It also can generate scrambled passwords. I originally converted the C source code to Perl to recover an old CVS password.
Crypt::OpenPGP - finding and using preferred SK algorithm
on Feb 03, 2004 at 16:40 UTC
by hv

Crypt::OpenPGP provides no overt mechanism to interrogate a self-signed key to determine the owner's preferred encryption mechanisms. After pointers in Crypt::OpenPGP - determining which cipher to use I came up with this sample code that shows how you can do that.

Caveats: delves into object innards, provided for education only, tested only with modern (v4) signatures, assumption that code is self-documenting may be dubious.

CipherSaber
on Jun 27, 2003 at 19:44 UTC
by beretboy
This is my own personal implementation of CipherSaber. It adheres to the CipherSaber-1 standard. It is slow, but if you want speed, use a C version.
Crypt::Navajo
on Jan 17, 2003 at 08:45 UTC
by Cybercosis
This module implements the code that was devised and used by the Navajo Code Talkers in the Pacific theater of WWII. The Code was instrumental to the Allied victory there.
HPUX password merger
on Dec 05, 2002 at 20:18 UTC
by Limbic~Region
http://www.users.dircon.co.uk/~crypto/ requires to work against a file in the format of /etc/passwd. Unfortunately on HPUX in trusted mode, the encrypted passwords for each user is stored in /tcb/files/auth/<first character of user name>/<user name> This little program goes through and creates a /tmp/passwords file with the encrypted password back in the second field.
CryptoPad v2.00
on Nov 29, 2002 at 17:21 UTC
by sifukurt
Here's the latest incarnation of CryptoPad. I've added two more encryption algorithms and moved the algorithms to a drop-down list, rather than each one having a separate button. Hopefully you'll find it useful. As always, constructive comments are welcome.
Supervisor
on Jun 18, 2002 at 06:18 UTC
by zejames
Supervisor is a set of 2 script :
  • Supervisor, that compares file md5 checksums with the ones stores in a fingerprint file
  • update, that updates information about supervised file into the fingerprint file
SpamStego
on Apr 22, 2002 at 02:28 UTC
by beretboy
Inspired by spammimic.com this code turns your message into spam-like text. Especially useful for hiding the true nature of encrypted messages.
Transformation
on Jan 28, 2002 at 15:58 UTC
by Alex the Serb
This script is tested on Linux platform, but could probably be run under Cygwin if Perl and GNU C compiler are installed. The script changes the original Perl script text by some values stored in @codes variable. Then, it makes the C file and make script for it to be compiled. After compilation the script is embeded in exe file, but its not visible in original form, so it will be not easy to change it in Hex editor. You could use this script with changed numbers in @codes variable every time you compile a new script. This will add additional difficulties to anyone who tries to crack it. Many thanks goes to Damian Conway, who told me to read perlembed, perlxs and stuff like that, because his module Morse.pm was not good enough! .. thanks dude! You call this script with one argument that points to Perl script that you want to transform. After transformation of the script, you should run make that was created during transformation. After that the file called "exe" is created. That is executable created from your script that will be executed real fast, much faster than using Damian's Morse or Bleach modules!!!

Important: This script was tested on many Perl scripts, however, because the Perl interpreter is statically linked into executable, the size of new script will be: (the size of Perl interpretter) + (the size of integer) * (number of characters of your script)

Also, the modules that are dinamically linked during execution must be available on the server that you are porting to. However, the most of you are like me (I don't port the scripts from one server to another that often), so you should probably compile Perl interpreter with dinamic library option libperl.so that will render Perl interpreter to only 15 Kb or so!

Important2: Its after nearly 3-4 months of succesfull execution of executables made by this script that I dared myself to put it in here .. so there is no fear of bad stuff happening to your computer :)

So, if you are paranoic like me or if you are surrounded by sharks .. like me .. feel free to use this script to protect your work from "accidental" change.

Update: Its acctually a good thing to repeat some of the codes, because the fact that every code is different from any other incresses the probability of cracking!
Blowfish using Inline::C
on Jan 26, 2002 at 04:41 UTC
by ton
I wrote a C implementation of Crypt::CBC in Blowfish mode, and tied it to Perl using the excellent Inline module. The result is a perl package that is roughly ten times faster than Crypt::CBC. All comments are welcome!

Sample Use

my $obj = Blowfish->new($passphrase, length($passphrase)); my $crypttext = $obj->Encrypt($text, length($text)); my $plaintext = $obj->Decrypt($crypttext, length($crypttext));
Vigenere Cipher: Encode and Decode
on Jan 18, 2002 at 06:14 UTC
by mrbbking

This is a complete and historically accurate implementation of the Vigenere cipher. According to The Code Book, by Simon Singh, (Doubleday, 1999, ISBN 0385495315) Blaise de Vigenere formalized this cipher system based on the earlier work of Battista Alberti, Johannes Trithemius and Giovanni Porta.

This cipher is defined to function only on letters, and only with a key comprised exclusively of letters. Among this cipher's strengths is that only the encrypted letters are included in the ciphertext.
All punctuation and spaces are removed, so the ciphertext is an unbroken string of letters. No word breaks or punctuation to help in cryptanalysis.

Don't take that to mean this is secure against anyone serious.
It isn't.

There is a recent reference to a module called Crypt::Vigenere by Alistair Mills, but a CPAN search does not locate it as of 2002-01-13.
Discussion of the submission of that module is at: http://archive.develooper.com/modules@perl.org/msg08962.html

Shred
on Jan 04, 2002 at 22:38 UTC
by descartes
A quick-and-dirty script I whipped up to securely delete files up to and beyond Orange Book standards. The default is seven passes over overwriting first with 0's, then with 1's, then with a cryptographically secure mechanism (In this case, blowfish using /dev/urandom). It is very messy, in that it uses /dev/urandom for all of its input, so on a very large file (or after many files), the entropy will become less and less random, but I'll likely do something about that when I get some time. Any other input would be appreciated.
CryptoPad
on Dec 28, 2001 at 23:49 UTC
by sifukurt
This script started off as one of those "I wonder if I can do this" sort of things. I wanted to get more proficient at using Tk, and I really just did it for the challenge and for the fun. I can't make any claims as to the overall level of security it provides. If you use it insecurely, it'll be insecure, simple as that. It does require several modules, all of which are listed at the top of the script. I really only designed it with mild security in mind, so if you use it for matters of national security, you do so at your own risk.

Hopefully you'll find it at least somewhat useful.

UPDATE: The problem with the zero length file output (detailed below) was a very careless error on my part. I apologize for any inconvenience this may have caused. I have corrected the error in the code contained herein.
Ximp
on Dec 02, 2001 at 04:27 UTC
by beretboy
A encryption algorithm. That I whipped up. Takes file name as command line argument, -d switch sets it into decrypt mode. Key can be anything but the longer the better.XIMP stands for XIMP Is Mucho Polyalphabetic. DISCLAIMER: This should by no means be taken seriously! It was simply an experiment! This is by no means real crypto and could be cracked by anyone with even limited knowledge of cryptography.
Personal crypting algorithm
on Nov 05, 2001 at 00:59 UTC
by Asmo
This is my first package. It seems to work fine ;) It's some sort of personal encryption algorithm that uses XOR, pack, tr, and some weird key transformations.

To use it :

require 'asmocript.pl';

AsmoCrypt::acrypt($sentence,$key); to crypt a sentence and
AsmoCrypt::adecrypt($sentence,$key); to uncrypt a crypted sentence.

I apologize for my bad english ;)

Asmo
crypt_edit.pl
on Oct 10, 2001 at 03:00 UTC
by ichimunki
Extremely light-weight Tk text editor that saves text to an encrypted file using GnuPG or PGP (or any other reasonably similar encryption utility). Does not yet include the ability to sign text. Will not protect you from keyboard sniffers, shared memory issues, x-ray vision, or users of PSI::ESP. This script's only intent is to make it possible to type some text and encrypt it to disk without first having to save the text to a file. Saving the plain text to a file may be fine for information in transit, but if your machine starts out secure, but is later compromised, data that was stored in a non-encrypted state may be recoverable. I realize that there are some privacy modules on CPAN and that I did not use them. They can be difficult to install, and as far as I know will not enhance the security of this script.
Web Cryptomatic
on Sep 21, 2001 at 18:40 UTC
by oakbox
Update: Read the reply by no slogan about why this is NOT secure. Hopefully, you'll find this as educational as I am. ;)

A simple encrypt-decrypt web program that uses MD5 and One Time Pad together. It's as secure as: The 'seed' key used by the sender and the SSL encryption in your web browser.

What happens:

  • Read incoming text to encrypt and a unique 'seed'.
  • Get a MD5 hexhash of the seed, this produces a string of letters and numbers that will be used as the pad.
  • Pad the incoming text against the pad.
  • Hex encode the text so that it will fit over a 6-bit connection.
  • Checksum the hex code with another MD5 Digest
  • Display the encoded text and checksum to the sender.
  • Sender emails the endcoded text and checksum
  • Recipient enters encoded text, checksum, and 'seed'
  • Program reverses the above steps and prints out the original text

    As long as the 'seed' is sufficiently unique (RANDOM), is only used ONCE, and is SECRET, I think this scheme is pretty secure. This is my first shot at a crypto program and I would very much appreciate your input, suggestions, and corrections.

    You can see a working version of this script here. DEMO ONLY, it's not a SSL connection and is NOT SECURE.

  • CipherTextI
    on Jul 17, 2001 at 06:10 UTC
    by Steeeeeve
    Improved string cipher. Useful in protecting content of HTML textareas where a Javascript implementation is used by the client. The algorithm has also been implemented in Visual Basic.

    This improved version uses a randomly sorted key domain table to build a modified key used in a second cipher pass. The key domain now includes ASCII values from 32 to 96 decimal. Output domain is 32 to 159 but the values 128 to 159 are shifted so as to be compatible with all ISO-8859-1 implementations in transmission equipment as well as all Windows implementations.

    A patent is being sought to protect the author's right to his own innovation which uses a key attribute to articulate shifts applied to the modified key string. Its thought that the implementation demonstrates that there is some cryptographic value of a somewhat unique key attribute. The attribute is used to mask the values in the modified key as they are taken from the randomly sorted domain table. The attribute is also used to articulate shifts applied to the modified key. Applying these shifts is what creates a difference between the resulting cipher bits applied by very similar keys.

    Solving a CipherText message is not trivial. To date it has not been done. An attack will require some known plaintext and sufficient data for frequency analysis. Applying a truncated modified keystring of cipher bits in the second pass diffuses the recurring pattern to N*(N-1) message elements. It also serves to mask the actual key in the event that a message is broken and the same key is used to protect other items. The algorithm uses a data-dependent shift based on message length. This results in two different results when ciphering the word "Hello" and the word "Hello ". The feature is desireable for applications that would apply the same key to a series of short strings.

    If required, an ASCII compliant version can be obtained.
    Polyglot (crypto)
    on Jun 10, 2001 at 20:56 UTC
    by beretboy
    polyalphabetic encryption algoritm. CANNOT HANDLE MULTILINE. enter on line to be encoded and it will spit out cipher text. run with -d and it will decipher ciphertext
    Rabin Miller
    on May 23, 2001 at 00:55 UTC
    by Adam
    These functions provide a fast approach to testing the primality of numbers. Very useful in public key cryptography. This is based on the Rabin-Miller algorithm.

    Many thanks to MrNobo1024 (and Euclid) for gcd and to Tye for helping me debug.

    SabreHex
    on May 08, 2001 at 21:50 UTC
    by TStanley
    An encryption/decryption program using chromatic's Crypt::CipherSaber module.
    I also included an option to output the encrypted material in a hexidecimal format.
    Solitaire Crypto.
    on Mar 20, 2001 at 01:39 UTC
    by one4k4
    I found this rather old (year or two) article on /., and thought this might be a worthy submission into the cryptography category. Its rather fun, and quite the interesting idea. See here for a more detailed description.
    Frequency Analyzer
    on Mar 16, 2001 at 04:00 UTC
    by Big Willy
    Updated as of March 16, 2001 at 0120 UTC Does frequency analysis of a monoalphabetic enciphered message via STDIN. (Thanks to Adam for the $i catch).
    Wombat's Bit Scrambler
    on Mar 10, 2001 at 00:24 UTC
    by wombat
    I recognize that this is not a security group, but I figure there must be at least a few cypherpunks in the lot of you. I came up with this scheme for encrypting text, and submit it to you to see if anyone can come up with any obvious holes.

    The way this works, is a user types a passphrase which gets turned into a number between 0 and the maximum size of an integer (4,294,967,924). This number then is used to seed the random number generator. The program then collects single numbers between 0 and 7 by repeatedly calling rand(), until it has a bit vector. Then for each character of input, it maps the characters bits to the bit vector producing a scrambled character which it prints to STDOUT. By entering the same passphrase again, you get the same srand seed and thus can decrypt your bits at a later date.

    Features include:
    Arbitrarily long passphrases: Type as much as you like, the seed won't mind.
    Non-portability: (It's not a bug!) I realize that everyone has different random number generators. That's okay. I'm mostly using this to lock down my own personal secret files. I don't think the security would be compromised too much if a person sent the particulars of their random number generator along with cyphercode if they wanted a friend to get a message.
    No way to decrypt the text: I haven't coded the decryptor yet, so as of now, once encrypted, things STAY encrypted! :-)

    So yeah! Like, peer-review me and stuff! BTW: I do realize that this is "Weak security" at best, and probably can be defeated by brute force if so desired. I know. But BESIDES that... :-)

    ~W
    cbc
    on Nov 16, 2000 at 18:25 UTC
    by jettero
    A niffty utility to crypt text files using a password. It uses blowfish to do it. Sadly, because I used stty, I suspect that this program will not work under windows.
    bash$ cbc some_text_file
    bash$ cbc some_text_file.cbc
    bash$ cbc -c some_text_file.cbc
    
    pat - find words by matching pattern (for crypto)
    on Aug 21, 2000 at 07:26 UTC
    by merlyn
    Usage: pat ABCABC finds any word that has three repeated characters twice in a row (such as "murmur" in my dictionary). pat XYYX finds words that are four-character palindromes, such as "deed". In the result, X and Y must be different. So pat ABCDEFGHAB finds ten-letter words whose first two and last two characters are identical, but the remaining letters are all distinct, such as "thousandth" or "Englishmen".

    To require literal characters, use lowercase, as in pat fXXd, requiring an f, two identical letters, and a d, such as "food" or "feed".

    For grins, dumps the regex that the pattern has been transformed into, so you can write your own, or see how much work you're avoiding by using this program.

      "Fun for the entire family!" -- Rolling Stone magazine (but not about this program)

    Cheesy Encryption
    on Apr 27, 2000 at 18:04 UTC
    by ergowolf
    creesy ROT13 or caeser encryption. This was one of the first programs I wrote on my own. It does not preserve case.
    An Useless Cipher
    on Jul 26, 2009 at 13:47 UTC
    by Oromis92
    bah... something stupid, just for exercise.
    Yet Another Cryptogram Script
    on Mar 20, 2009 at 09:49 UTC
    by missingthepoint
    Yes, another one.
    Blowfish based password hashing
    on Dec 21, 2008 at 20:59 UTC
    by zentara
    Many linux/unix distibutions are moving up to a variation of blowfish to hash passwords. See blowfish password hashing for more details.

    The Crypt-Eksblowfish module gives Perl users the access to this, but the module has many parts and is not crystal clear on usage. This is just a clarified version of one of the modules test scripts, to show how you can use it.

    ARC4
    on Nov 29, 2008 at 12:04 UTC
    by Oromis92
    this is a very simple code to encode a file or a string by ARC4. I don't use modules. I'm a relatively perl newbie... so the code isn't perfect
    A better rand() for Win32
    on Jul 30, 2007 at 18:08 UTC
    by bitshiftleft
    With better random number generators in the unix environments (/dev/random). I was looking for something like it on Win32, and there is. My motive is that I think some games that base there learning on neural nets may be learning on the poor periodic rand() type of random number generation. This means that the Neural Net may be learning the next roll of the dice rather than the game strategy itself. The Perl rand() repeats every 32000 times. Cryptographically generated random numbers gather entropy to seed there generators.
    Crypt::Random::ISAAC - secure random number generator
    on Jun 10, 2005 at 20:25 UTC
    by radiantmatrix

    Update 2005-07.Jul-12: Version 0.92 ; new method for seed generation as a result of code feedback from PerlMonks. Thank you!


    NAME

    Crypt::Random::ISAAC - ISAAC Crypto-secure PRNG, using address allocation as seed.


    SYNOPSIS

    This is a drop-in replacement for Perl's rand(), but nothing is exported by default.

            use Crypt::Random::ISAAC 'rand';
            print rand();
            
            ## OR ##
            
            use Crypt::Random::ISAAC;
            print Crypt::Random::ISAAC::rand();
            
            ## OR ##
            
            use Crypt::Random::ISAAC qw'rand randinit';
            @Crypt::ISAAC::randrsl = @seed0..255;
            randinit(1); ## inits using seed value;
            print rand();

    This can be used with other modules like Crypt::RandPasswd in the following manner:

            use Crypt::Random::ISAAC;
            use Crypt::RandPasswd;
            *Crypt::RandPasswd::rng = \&Crypt::Random::ISAAC::rand;

    since our rand function has the same interface.


    DESCRIPTION

    A CSPRNG using natural timing (specific to exact CPU and load when run) as a seed, conforming to the ISAAC spec (considered Cryptograpically Secure). Core PRNG uses code originally (c)Bob Jenkins, 1996 and ported to Perl by John L. Allen, 2000. See http://burtleburtle.net/bob/rand/isaacafa.html for the original C code and the Perl translation.

    Initialization is peformed during module load, but can be repeated.


    CAVEATS

    Seed not tested
    Although the ISAAC algorithm has been well-tested for security, the method for choosing the random seed that is employed by this module has not. The seed is chosen by allocating memory for references, assigning the lower 32 bits of the address to each seed slot. The results are mixed somewhat before use, and care is taken to ensure that a contiguous block of addresses are not used.

    If this is not secure enough, the @randrsl array can be populated with seed values from a more entropic source (like /dev/random on *NIX). If this is done, you must call the randinit function to re-seed the generator. For example:

            if (-f '/dev/random') {
                    open RAND, '<', '/dev/random' or die('No read on random device');
                    for (0..255) { 
                            my $bytes;
                            read(RAND,$bytes,2);
                            $bytes = (ord(substr($bytes,0,1))<<16) + (ord(substr($bytes,1,1)));
                            $Crypt::Random::ISAAC::randrsl$_ = $bytes;
                    }
                    close RAND;
            }

    But then, if you have /dev/random, you probably don't need this module!

    Rand function wrapper insufficiently tested
    The replacement rand() relies on isaac() for its randomness. Some numerical conversion is done. While I don't believe this conversion has any effect on randomness, it has not been robustly tested. The author welcomes feedback on this function.


    HISTORY

    Version 0.9
    Released on PerlMonks http://www.perlmonks.com - original version.

    Version 0.91
    Not released, testing version

    Version 0.92
    Released on PerlMonks http://www.perlmonks.com - new random-seeder method; uses the lowest 32 bits of a series of addresses belonging to references. This should be hard to reproduce or guess.


    AUTHOR

    Darren Meyer <darren.meyer@gmail.com>, making heavy use of others' code.


    COPYRIGHT

    Original ISAAC code (c)1996 Bob Jenkins under a ``code is free and may be used as you wish'' license.

    Perl port (c)2000 John L. Allen under the same license as the original ISAAC code.

    This module is available under the terms of the MIT License, though the code by the above authors is unencumbered.:

    Copyright (c)2005 Darren Meyer

    Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the ``Software''), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

    The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

    THE SOFTWARE IS PROVIDED ``AS IS'', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

    Decrypt and encrypt CVS password in .cvspass
    on May 17, 2005 at 12:15 UTC
    by bsdz
    This script descrambles CVS passwords normally found in your ~/.cvspass file. It also can generate scrambled passwords. I originally converted the C source code to Perl to recover an old CVS password.
    Crypt::OpenPGP - finding and using preferred SK algorithm
    on Feb 03, 2004 at 16:40 UTC
    by hv

    Crypt::OpenPGP provides no overt mechanism to interrogate a self-signed key to determine the owner's preferred encryption mechanisms. After pointers in Crypt::OpenPGP - determining which cipher to use I came up with this sample code that shows how you can do that.

    Caveats: delves into object innards, provided for education only, tested only with modern (v4) signatures, assumption that code is self-documenting may be dubious.

    CipherSaber
    on Jun 27, 2003 at 19:44 UTC
    by beretboy
    This is my own personal implementation of CipherSaber. It adheres to the CipherSaber-1 standard. It is slow, but if you want speed, use a C version.
    Crypt::Navajo
    on Jan 17, 2003 at 08:45 UTC
    by Cybercosis
    This module implements the code that was devised and used by the Navajo Code Talkers in the Pacific theater of WWII. The Code was instrumental to the Allied victory there.
    HPUX password merger
    on Dec 05, 2002 at 20:18 UTC
    by Limbic~Region
    http://www.users.dircon.co.uk/~crypto/ requires to work against a file in the format of /etc/passwd. Unfortunately on HPUX in trusted mode, the encrypted passwords for each user is stored in /tcb/files/auth/<first character of user name>/<user name> This little program goes through and creates a /tmp/passwords file with the encrypted password back in the second field.
    CryptoPad v2.00
    on Nov 29, 2002 at 17:21 UTC
    by sifukurt
    Here's the latest incarnation of CryptoPad. I've added two more encryption algorithms and moved the algorithms to a drop-down list, rather than each one having a separate button. Hopefully you'll find it useful. As always, constructive comments are welcome.
    Supervisor
    on Jun 18, 2002 at 06:18 UTC
    by zejames
    Supervisor is a set of 2 script :
    • Supervisor, that compares file md5 checksums with the ones stores in a fingerprint file
    • update, that updates information about supervised file into the fingerprint file
    SpamStego
    on Apr 22, 2002 at 02:28 UTC
    by beretboy
    Inspired by spammimic.com this code turns your message into spam-like text. Especially useful for hiding the true nature of encrypted messages.
    Transformation
    on Jan 28, 2002 at 15:58 UTC
    by Alex the Serb
    This script is tested on Linux platform, but could probably be run under Cygwin if Perl and GNU C compiler are installed. The script changes the original Perl script text by some values stored in @codes variable. Then, it makes the C file and make script for it to be compiled. After compilation the script is embeded in exe file, but its not visible in original form, so it will be not easy to change it in Hex editor. You could use this script with changed numbers in @codes variable every time you compile a new script. This will add additional difficulties to anyone who tries to crack it. Many thanks goes to Damian Conway, who told me to read perlembed, perlxs and stuff like that, because his module Morse.pm was not good enough! .. thanks dude! You call this script with one argument that points to Perl script that you want to transform. After transformation of the script, you should run make that was created during transformation. After that the file called "exe" is created. That is executable created from your script that will be executed real fast, much faster than using Damian's Morse or Bleach modules!!!

    Important: This script was tested on many Perl scripts, however, because the Perl interpreter is statically linked into executable, the size of new script will be: (the size of Perl interpretter) + (the size of integer) * (number of characters of your script)

    Also, the modules that are dinamically linked during execution must be available on the server that you are porting to. However, the most of you are like me (I don't port the scripts from one server to another that often), so you should probably compile Perl interpreter with dinamic library option libperl.so that will render Perl interpreter to only 15 Kb or so!

    Important2: Its after nearly 3-4 months of succesfull execution of executables made by this script that I dared myself to put it in here .. so there is no fear of bad stuff happening to your computer :)

    So, if you are paranoic like me or if you are surrounded by sharks .. like me .. feel free to use this script to protect your work from "accidental" change.

    Update: Its acctually a good thing to repeat some of the codes, because the fact that every code is different from any other incresses the probability of cracking!
    Blowfish using Inline::C
    on Jan 26, 2002 at 04:41 UTC
    by ton
    I wrote a C implementation of Crypt::CBC in Blowfish mode, and tied it to Perl using the excellent Inline module. The result is a perl package that is roughly ten times faster than Crypt::CBC. All comments are welcome!

    Sample Use

    my $obj = Blowfish->new($passphrase, length($passphrase)); my $crypttext = $obj->Encrypt($text, length($text)); my $plaintext = $obj->Decrypt($crypttext, length($crypttext));
    Vigenere Cipher: Encode and Decode
    on Jan 18, 2002 at 06:14 UTC
    by mrbbking

    This is a complete and historically accurate implementation of the Vigenere cipher. According to The Code Book, by Simon Singh, (Doubleday, 1999, ISBN 0385495315) Blaise de Vigenere formalized this cipher system based on the earlier work of Battista Alberti, Johannes Trithemius and Giovanni Porta.

    This cipher is defined to function only on letters, and only with a key comprised exclusively of letters. Among this cipher's strengths is that only the encrypted letters are included in the ciphertext.
    All punctuation and spaces are removed, so the ciphertext is an unbroken string of letters. No word breaks or punctuation to help in cryptanalysis.

    Don't take that to mean this is secure against anyone serious.
    It isn't.

    There is a recent reference to a module called Crypt::Vigenere by Alistair Mills, but a CPAN search does not locate it as of 2002-01-13.
    Discussion of the submission of that module is at: http://archive.develooper.com/modules@perl.org/msg08962.html

    Shred
    on Jan 04, 2002 at 22:38 UTC
    by descartes
    A quick-and-dirty script I whipped up to securely delete files up to and beyond Orange Book standards. The default is seven passes over overwriting first with 0's, then with 1's, then with a cryptographically secure mechanism (In this case, blowfish using /dev/urandom). It is very messy, in that it uses /dev/urandom for all of its input, so on a very large file (or after many files), the entropy will become less and less random, but I'll likely do something about that when I get some time. Any other input would be appreciated.
    CryptoPad
    on Dec 28, 2001 at 23:49 UTC
    by sifukurt
    This script started off as one of those "I wonder if I can do this" sort of things. I wanted to get more proficient at using Tk, and I really just did it for the challenge and for the fun. I can't make any claims as to the overall level of security it provides. If you use it insecurely, it'll be insecure, simple as that. It does require several modules, all of which are listed at the top of the script. I really only designed it with mild security in mind, so if you use it for matters of national security, you do so at your own risk.

    Hopefully you'll find it at least somewhat useful.

    UPDATE: The problem with the zero length file output (detailed below) was a very careless error on my part. I apologize for any inconvenience this may have caused. I have corrected the error in the code contained herein.
    Ximp
    on Dec 02, 2001 at 04:27 UTC
    by beretboy
    A encryption algorithm. That I whipped up. Takes file name as command line argument, -d switch sets it into decrypt mode. Key can be anything but the longer the better.XIMP stands for XIMP Is Mucho Polyalphabetic. DISCLAIMER: This should by no means be taken seriously! It was simply an experiment! This is by no means real crypto and could be cracked by anyone with even limited knowledge of cryptography.
    Personal crypting algorithm
    on Nov 05, 2001 at 00:59 UTC
    by Asmo
    This is my first package. It seems to work fine ;) It's some sort of personal encryption algorithm that uses XOR, pack, tr, and some weird key transformations.

    To use it :

    require 'asmocript.pl';

    AsmoCrypt::acrypt($sentence,$key); to crypt a sentence and
    AsmoCrypt::adecrypt($sentence,$key); to uncrypt a crypted sentence.

    I apologize for my bad english ;)

    Asmo
    crypt_edit.pl
    on Oct 10, 2001 at 03:00 UTC
    by ichimunki
    Extremely light-weight Tk text editor that saves text to an encrypted file using GnuPG or PGP (or any other reasonably similar encryption utility). Does not yet include the ability to sign text. Will not protect you from keyboard sniffers, shared memory issues, x-ray vision, or users of PSI::ESP. This script's only intent is to make it possible to type some text and encrypt it to disk without first having to save the text to a file. Saving the plain text to a file may be fine for information in transit, but if your machine starts out secure, but is later compromised, data that was stored in a non-encrypted state may be recoverable. I realize that there are some privacy modules on CPAN and that I did not use them. They can be difficult to install, and as far as I know will not enhance the security of this script.
    Web Cryptomatic
    on Sep 21, 2001 at 18:40 UTC
    by oakbox
    Update: Read the reply by no slogan about why this is NOT secure. Hopefully, you'll find this as educational as I am. ;)

    A simple encrypt-decrypt web program that uses MD5 and One Time Pad together. It's as secure as: The 'seed' key used by the sender and the SSL encryption in your web browser.

    What happens:

  • Read incoming text to encrypt and a unique 'seed'.
  • Get a MD5 hexhash of the seed, this produces a string of letters and numbers that will be used as the pad.
  • Pad the incoming text against the pad.
  • Hex encode the text so that it will fit over a 6-bit connection.
  • Checksum the hex code with another MD5 Digest
  • Display the encoded text and checksum to the sender.
  • Sender emails the endcoded text and checksum
  • Recipient enters encoded text, checksum, and 'seed'
  • Program reverses the above steps and prints out the original text

    As long as the 'seed' is sufficiently unique (RANDOM), is only used ONCE, and is SECRET, I think this scheme is pretty secure. This is my first shot at a crypto program and I would very much appreciate your input, suggestions, and corrections.

    You can see a working version of this script here. DEMO ONLY, it's not a SSL connection and is NOT SECURE.

  • CipherTextI
    on Jul 17, 2001 at 06:10 UTC
    by Steeeeeve
    Improved string cipher. Useful in protecting content of HTML textareas where a Javascript implementation is used by the client. The algorithm has also been implemented in Visual Basic.

    This improved version uses a randomly sorted key domain table to build a modified key used in a second cipher pass. The key domain now includes ASCII values from 32 to 96 decimal. Output domain is 32 to 159 but the values 128 to 159 are shifted so as to be compatible with all ISO-8859-1 implementations in transmission equipment as well as all Windows implementations.

    A patent is being sought to protect the author's right to his own innovation which uses a key attribute to articulate shifts applied to the modified key string. Its thought that the implementation demonstrates that there is some cryptographic value of a somewhat unique key attribute. The attribute is used to mask the values in the modified key as they are taken from the randomly sorted domain table. The attribute is also used to articulate shifts applied to the modified key. Applying these shifts is what creates a difference between the resulting cipher bits applied by very similar keys.

    Solving a CipherText message is not trivial. To date it has not been done. An attack will require some known plaintext and sufficient data for frequency analysis. Applying a truncated modified keystring of cipher bits in the second pass diffuses the recurring pattern to N*(N-1) message elements. It also serves to mask the actual key in the event that a message is broken and the same key is used to protect other items. The algorithm uses a data-dependent shift based on message length. This results in two different results when ciphering the word "Hello" and the word "Hello ". The feature is desireable for applications that would apply the same key to a series of short strings.

    If required, an ASCII compliant version can be obtained.
    Polyglot (crypto)
    on Jun 10, 2001 at 20:56 UTC
    by beretboy
    polyalphabetic encryption algoritm. CANNOT HANDLE MULTILINE. enter on line to be encoded and it will spit out cipher text. run with -d and it will decipher ciphertext
    Rabin Miller
    on May 23, 2001 at 00:55 UTC
    by Adam
    These functions provide a fast approach to testing the primality of numbers. Very useful in public key cryptography. This is based on the Rabin-Miller algorithm.

    Many thanks to MrNobo1024 (and Euclid) for gcd and to Tye for helping me debug.

    SabreHex
    on May 08, 2001 at 21:50 UTC
    by TStanley
    An encryption/decryption program using chromatic's Crypt::CipherSaber module.
    I also included an option to output the encrypted material in a hexidecimal format.
    Solitaire Crypto.
    on Mar 20, 2001 at 01:39 UTC
    by one4k4
    I found this rather old (year or two) article on /., and thought this might be a worthy submission into the cryptography category. Its rather fun, and quite the interesting idea. See here for a more detailed description.
    Frequency Analyzer
    on Mar 16, 2001 at 04:00 UTC
    by Big Willy
    Updated as of March 16, 2001 at 0120 UTC Does frequency analysis of a monoalphabetic enciphered message via STDIN. (Thanks to Adam for the $i catch).
    Wombat's Bit Scrambler
    on Mar 10, 2001 at 00:24 UTC
    by wombat
    I recognize that this is not a security group, but I figure there must be at least a few cypherpunks in the lot of you. I came up with this scheme for encrypting text, and submit it to you to see if anyone can come up with any obvious holes.

    The way this works, is a user types a passphrase which gets turned into a number between 0 and the maximum size of an integer (4,294,967,924). This number then is used to seed the random number generator. The program then collects single numbers between 0 and 7 by repeatedly calling rand(), until it has a bit vector. Then for each character of input, it maps the characters bits to the bit vector producing a scrambled character which it prints to STDOUT. By entering the same passphrase again, you get the same srand seed and thus can decrypt your bits at a later date.

    Features include:
    Arbitrarily long passphrases: Type as much as you like, the seed won't mind.
    Non-portability: (It's not a bug!) I realize that everyone has different random number generators. That's okay. I'm mostly using this to lock down my own personal secret files. I don't think the security would be compromised too much if a person sent the particulars of their random number generator along with cyphercode if they wanted a friend to get a message.
    No way to decrypt the text: I haven't coded the decryptor yet, so as of now, once encrypted, things STAY encrypted! :-)

    So yeah! Like, peer-review me and stuff! BTW: I do realize that this is "Weak security" at best, and probably can be defeated by brute force if so desired. I know. But BESIDES that... :-)

    ~W
    cbc
    on Nov 16, 2000 at 18:25 UTC
    by jettero
    A niffty utility to crypt text files using a password. It uses blowfish to do it. Sadly, because I used stty, I suspect that this program will not work under windows.
    bash$ cbc some_text_file
    bash$ cbc some_text_file.cbc
    bash$ cbc -c some_text_file.cbc
    
    pat - find words by matching pattern (for crypto)
    on Aug 21, 2000 at 07:26 UTC
    by merlyn
    Usage: pat ABCABC finds any word that has three repeated characters twice in a row (such as "murmur" in my dictionary). pat XYYX finds words that are four-character palindromes, such as "deed". In the result, X and Y must be different. So pat ABCDEFGHAB finds ten-letter words whose first two and last two characters are identical, but the remaining letters are all distinct, such as "thousandth" or "Englishmen".

    To require literal characters, use lowercase, as in pat fXXd, requiring an f, two identical letters, and a d, such as "food" or "feed".

    For grins, dumps the regex that the pattern has been transformed into, so you can write your own, or see how much work you're avoiding by using this program.

      "Fun for the entire family!" -- Rolling Stone magazine (but not about this program)

    Cheesy Encryption
    on Apr 27, 2000 at 18:04 UTC
    by ergowolf
    creesy ROT13 or caeser encryption. This was one of the first programs I wrote on my own. It does not preserve case.
    Log In?
    Username:
    Password:

    What's my password?
    Create A New User
    Domain Nodelet?
    Chatterbox?
    and the web crawler heard nothing...

    How do I use this?Last hourOther CB clients
    Other Users?
    Others drinking their drinks and smoking their pipes about the Monastery: (3)
    As of 2024-03-19 05:25 GMT
    Sections?
    Information?
    Find Nodes?
    Leftovers?
      Voting Booth?

      No recent polls found