Crypt::Ciphersaber is pure-Perl, fairly fast, and is slightly more complex than RC4. If you use Ciphersaber level 2, it's slower but more secure. It's very easy to install, too.
I'm not aware of any specific attacks, but I don't do the math necessary to be sure. | [reply] |
Hmm, I thought Ciphersaber was basically RC4 with a little header. I'll take another look at it.
(later) I see. "level 2" was added as a response to that weakness.
The thing about RC4 was the presence of weak keys. The paper was a proof, but too technical to really understand as a user. I would suppose that one could preprocess the key string or postprocess the permutation (the thing that the passphrase generates) to avoid the weak keys, but nothing like that was stated. If Ciphersaber tracks these kinds of issues, as a slightly higher level than raw RC4 it indeed looks attractive.
—John
| [reply] |
AES implementation in pure Perl: Crypt::Rijndael_PP. :)
I'm sure it's pretty slow (the docs would seem to agree), but maybe speed is not the main thing you care about.
The only drawback with it is that is built-in CBC is not compatible w/ Crypt::Rijndael in CBC mode. I don't know why, that's just what the docs say. This could potentially require you to use Crypt::CBC for compatibility purposes.
If you really do want speed, check out Crypt::Rijndael. It is self-contained, in that it has a built-in CBC mode, so you don't need to rely on Crypt::CBC. It is XS, however, so that may be a potential turnoff for you.
(BTW if you feel like it keep me posted on your work with Crypt::OpenPGP; I'd be interested in hearing what you're doing with it. :) | [reply] |
P.S. the reason I want something like that is because RC4 isn't as good as it used to be, it seems. jepri pointed out a paper on new attacks in another post.
Also, s/Symetric/Symmetric/ (I can't edit the top-level node) | [reply] |
This just came in on a mailing list, and I thought
it was pertinent, though I'm in no position to have
an opinion one way or the other.
>From: "Young, Mike" <myoung@rsasecurity.com>
>To: "'farber@cis.upenn.edu'" <farber@cis.upenn.edu>
>Subject: RE: Wired: Wireless Networks in Big Trouble
>Date: Wed, 22 Aug 2001 10:14:22 -0400
>
>Dave,
>
>Some people have been spreading the rumour that since WEP is not secure, RC4
>( the underlying symmetric encryption algorithm, is not secure either). WEP
>is a poorly implemented solution using RSA patented and trade secret
>algorithms, key material is sent lightly encryption and re-used, which is
>not secure. RC4 is still the most used algorithm today, along with the RSA
>asymmetric algorithm, makes up SSL technology. RC4 has been used over a
>billion times, more than any other piece of software, even Microsoft. Its
>security is proven day after day.
>
>Ron Rivest (the R in RSA, the R in RC4, The R in RC6) has written a
>preliminary response to WEP insecurity. Once the lawyers approve it, it will
>be posted on www.rsasecurity.com/rsalabs
>
>BTW, my email is now myoung@rsasecurity.com Xcert was bought by RSA several
>months ago.
>
>MJY
>
>
>Michael J. Young
>Sr. Systems Engineer
>OEM and Developer Solutions
>Worldwide Plaza, Mezzanine West
>825 Eighth Avenue (at 50th St.)
>New York, NY 10019 USA
-Blake | [reply] |