in reply to Re: Re: Web Cryptomatic
in thread Web Cryptomatic

It doesn't matter how long your "pad" is, if you cycle through it in a predictable fashion. If the message is longer than the key, you will reuse key bytes. If you reuse key bytes, you're a sitting duck. 256 bytes of encrypted English text would be easy to break in a matter of minutes. Half that or less would probably be enough.

When you're doing crypto, don't try to get clever. Use a real cipher module like Crypt::Rijndael or Crypt::IDEA or whatever. There was an article on crypto modules on perl.com recently.

If for some reason you can't use one of those, there are secure ways to use hash functions like MD5 for encryption. You have to be very careful, though, because that's not what they were designed to do. For details, see Applied Cryptography.
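
Why reused key bytes are fatal, as an added Perl example that is not part of the original post: when a pad is cycled over a longer message, XORing two ciphertext segments one pad-length apart yields the XOR of the two plaintext segments, with the key gone entirely. The pad, message and helper names (cycle_xor, fold_segments) are constructed for illustration.

```perl
#!/usr/bin/perl
# Added illustration (not code from the thread). All values are constructed.
use strict;
use warnings;

# XOR a message against a pad, cycling the pad if the message is longer.
sub cycle_xor {
    my ($msg, $pad) = @_;
    my $stream = $pad x (int(length($msg) / length($pad)) + 1);
    return $msg ^ substr($stream, 0, length $msg);    # bytewise string XOR
}

# XOR the first two $period-byte segments of $data with each other.
sub fold_segments {
    my ($data, $period) = @_;
    return substr($data, 0, $period) ^ substr($data, $period, $period);
}

# Constructed sample input: a 32-byte English message.
my $msg    = 'Meet me at noon. Bring the docs.';
my $period = 16;

# rand() is not a cryptographic RNG; it only supplies demo bytes here.
my $short_pad = pack 'C*', map { int rand 256 } 1 .. $period;      # reused
my $full_pad  = pack 'C*', map { int rand 256 } 1 .. length $msg;  # no reuse

my $plain_fold = fold_segments($msg, $period);

for my $case (['16-byte pad, cycled', $short_pad],
              ['32-byte pad, used once', $full_pad]) {
    my ($label, $pad) = @$case;
    my $ct = cycle_xor($msg, $pad);

    # With a cycled pad both segments met the same key bytes, so
    # (p1 ^ k) ^ (p2 ^ k) == p1 ^ p2: the ciphertext alone exposes
    # structure of the plaintext, and no key knowledge was needed.
    my $leaks = fold_segments($ct, $period) eq $plain_fold;
    printf "%-24s ciphertext fold equals plaintext fold: %s\n",
        $label, $leaks ? 'yes' : 'no';
}
```

The cycled pad reports "yes" on every run; the pad as long as the message reports "no", because its two halves are independent and do not cancel.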

Re: : Web Cryptomatic
by oakbox (Chaplain) on Sep 25, 2001 at 20:00 UTC
    >When you're doing crypto, don't try to get clever. Use a real cipher module . . .

    You know, this was a little hard to swallow, because I consider myself to be such a clever fellow. I played around with a bunch of different schemes to derive larger pads from a password and ended up feeling like my brains were turning to mush. After spending too much time on what, in the beginning, was a simple problem, I realize I don't know jack about cryptography and should leave it in the hands of people who know what they are doing :)

    Again, thanks for the advice and pointing out the correct direction to a fellow monk.
    -oakbox

      >When you're doing crypto, don't try to get clever.

      You know, this was a little hard to swallow, because I consider myself to be such a clever fellow.

      I didn't mean to be such a downer. If you're interested in crypto, don't give up. Just use your hubris somewhere it will be productive. Instead of saying to yourself "I can design my own cipher," start with "I can figure out why these other ciphers are designed the way they are." That means both understanding how encryption algorithms work, and what attacks are possible against them. A lot of amazingly smart people have thought about that, and you can learn a lot from their work. So find yourself a good book and dig in - that's what I've been doing.