http://www.perlmonks.org?node_id=608414


in reply to Small encryption script

Probably the best way to do this would be to use OpenSSL, which comes with most Linux distributions and Cygwin,
openssl enc -aes-256-cbc -a -in plaintextfile -out cypherfile
and
openssl enc -d -aes-256-cbc -a -in cypherfile -out plaintextfile
will do everything for you including the "salting" operation and (with -a) making the cyphertext into base64 printable characters. If you want a Perl interface, openssl has plenty.

You will be a lot safer using a heavily-tested common utility than rolling your own, IMHO.

Unless you really know what you are doing, never use RC4! To quote from Wikipedia's article on Rc4, "While remarkable in its simplicity, RC4 falls short of the high standards of security set by cryptographers, and some ways of using RC4 can lead to very insecure cryptosystems (including WEP). It is not recommended for use in new systems.".

If you really want to/need to do it yourself, AES would be a safer choice, preferable AES-256. (AES doesn't slow down too much as the number of key bits increases; AES-256 is actually faster than the old standard triple-DES on every PC platform I've tried.) You might try Crypt::GCrypt, or Crypt::Rijndael_PP if you prefer pure Perl (slow, but that shouldn't matter much for a password container.)

Also, it is good practice to take a digest of your passphrase (Digest::SHA256 for instance) so that you can use long passphrases that have high entropy. OpenSSL will take care of that for you, using its own hashing algorithm.