Re: Re: Encryption/Decryption

$cipher = $rc5->encrypt($file); This encrypts in ECB mode. Don't do that. IMAO, don't use any crypto module by Kurt Kincaid.

If you're on WinXP, maybe you don't have a compiler, so you either need to find a precompiled crypto module (in .ppm format, maybe), or use a pure perl implementation. Those are usually named with _PP or ::Perl on the end. They're slower, but it won't matter much for short strings.

Comment on Re: Re: Encryption/Decryption Download Code

Replies are listed 'Best First'.
Re: Re: Re: Encryption/Decryption by Anonymous Monk on Jan 08, 2004 at 16:15 UTC
IMAO, don't use any crypto module by Kurt Kincaid. Explain arrogant opinion.	[reply]
Re: Re: Re: Re: Encryption/Decryption by Anonymous Monk on Jan 08, 2004 at 17:06 UTC
Let's take Crypt::RC5 as an example. It's a block cipher, so it can't be used safely without a mode like CBC (the "default" mode, ECB, leaks a lot of information and is very vulnerable to block-shuffling replay attacks). There's a nice module, Crypt::CBC, which adds CBC support to any compatible block cipher, but Crypt::RC5 is not compatible (it doesn't define the blocksize and keysize methods, and its constructor has an extra required parameter). So although Crypt::RC5 does appear to be a correct implementation of RC5, it's basically useless because you need to code the CBC padding and chaining stuff yourself if you want to use it securely. Mr. Kincaid refuses to listen to this type of criticism, preferring instead to argue that it's not his job to make sure people write secure code with his modules. Crypt::RC5 appears to have made a half-hearted attempt at supporting CBC mode. There's a decrypt_iv function which seems to do CBC mode decryption, but it's undocumented, doesn't handle padding, and there's no corresponding encrypt_iv.	[reply]