Beefy Boxes and Bandwidth Generously Provided by pair Networks
Syntactic Confectionery Delight

Encryption in Perl?

by Gorby (Monk)
on Jul 19, 2004 at 14:02 UTC ( #375551=perlquestion: print w/replies, xml ) Need Help??

Gorby has asked for the wisdom of the Perl Monks concerning the following question:

Hello Wise Monks,

I'd like to know whether there is a function or a module that I can use to encrypt and decrypt plain text. Could there be a module that does this using an internationally accepted standard?

Thanks in advance for your help.


Replies are listed 'Best First'.
Re: Encryption in Perl?
by edan (Curate) on Jul 19, 2004 at 14:05 UTC
Re: Encryption in Perl?
by gellyfish (Monsignor) on Jul 19, 2004 at 14:06 UTC

    I think if you were to look here you should be able to find something that suits your purposes.


Re: Encryption in Perl?
by xorl (Deacon) on Jul 19, 2004 at 14:09 UTC
      AFAICT, this is the "encryption" loop from My::Crypt:
      for ($j = 0; $j < length($a); $j++) { substr($a, $j, 1) += substr($b, $i, 1); substr($a, $j, 1) = 0 if substr($a, $j, 1) == 2; $i = 0 if ++$i > length($priv); }
      In other words, it's a completely naive implementation of simple XOR. Avoid at all costs.
        On the other hand the one-time pad, which is a Vignère ('simple XOR') variant with key length equal to or greater than the plain text length, is the only possible encryption algorithm with perfect secrecy, as was proven by Shannon.
        Most other applications of the Vignère cipher (I just hesitate to say 'all') are quite easy to break, which everyone who ever attempted to break it will have found out.
        The point is that "encryption/decryption" is not enough information to decide which algorithm to use. Even ROT13 can be permissible when the issue is not reasonable secrecy but the fear of revealing data to someone who does not want to know it.
        And here we are. My advice to the OP: Unless you only meant to find modules and already read a couple of books on cryptology and cryptanalysis, better do it now. It is not neccessary, but in my eyes it'll help you understand your problem better. References: Gaines, Schneier, etc., pp.
        Hope this helped.

        Entropy is the tendency of everything going to hell.
Re: Encryption in Perl?
by wufnik (Friar) on Jul 19, 2004 at 15:21 UTC
    well, it's not an internationally accepted standard, but it's interesting, and reasonably secure. the following presented as an almost useable curiosity, rather than a bullet proof cryptofactory:

    as described in cryptonomicon, by neal stephenson, here is ian goldberg's solitaire encryption in perl, with comments to help out.

    -- in the world of the mules there are no rules --
Re: Encryption in Perl?
by crep (Novice) on Jul 19, 2004 at 14:51 UTC
    I wrote (with the help of these nice perl monks) a script the other day to encrypt a file using blowfish. Blowfish is accepted around the world, but only slightly less than PGP. Encryption can be acceived using the crypt::cbc module. It allows you to use all sorts of different types. Search it on google, i think the first or second site shows use and example code. :) -Jack C

      Of course since blowfish is a symetric algorithm you'd need to arrange a secure channel for exchanging keys (say by using a public key algorithm like El Gamal or RSA). And you'd have to come up with a message format. Then to avoid tampering you'd want a MAC. And . . . and . . . and . . . . At which time you'd have probably reimplemented something resembling PGP.

      Just remember, doing crypto correctly is hard even for people that know what they're doing. Going with something standard that's been gone over by many eyeballs is more than likely going to be more secure than rolling your own.

      Blowfish is an excellent choice. However, if you are
      looking for something widely accepted, you should look at
      Rijndael, the new AES (Advanced encryption standard).

Re: Encryption in Perl?
by december (Pilgrim) on Aug 03, 2004 at 04:17 UTC

    If you don't mind to install a lot of perl modules, you could use Crypt::OpenPGP. I've been using it for a while, and it works quite well. You can find PGP software for pretty much any platform, so you could code/decode the files anywhere, even without Perl installed.

    If installing the dependencies is too much work for you, most crypto modules for popular ciphers are safe and pretty 'standard' - try Crypt::Blowfish or Crypt::Rijndael, for instance. The former has shown it's use and security, the latter has been chosen as standard cypher for encryption of official data by e.g. the American government.

Re: Encryption in Perl?
by Wassercrats (Initiate) on Jul 20, 2004 at 05:27 UTC
    When looking for a cypher module, I'd choose one of the final five AES candidates (MARS, RC6, Rijndael, Serpent and Twofish). I'm basing my choice of password manager on that list, with preference to the winner (Rijndael).

    I gathered some information here, on seven password managers for Windows, that I might turn into a review. Anyone who knows (or doesn't) about this stuff, feel free to comment.

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: perlquestion [id://375551]
Approved by edan
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others chilling in the Monastery: (1)
As of 2023-06-08 05:39 GMT
Find Nodes?
    Voting Booth?
    How often do you go to conferences?

    Results (29 votes). Check out past polls.