I just had a look at Crypt::OTP. Gack. Let's just say that the author was cryptographically unsophisticated.

Ouch. That's a little uncalled for, I think. As I said in the POD for Crypt::OTP, the safest method (that is, the method that should be used) is to use a large pad file. I take for granted that you're referring to the second, substantially less secure method that I worked into Crypt::OTP. Again, as I said in the POD, it is substantially less secure. That method, quite obviously, isn't intended to be used for anything that requires any serious degree of security. I included it in the module because 1.) it was already there because I used it for testing purposes; 2.) some people are going to use the module that way anyway; and 3.) it is handy for things that really only require the most modest level of security. Your point on the proper use of one-time pad encryption is absolutely correct. You aren't supposed to reuse anything. Period. End of discussion. But as with any tool, it is only as good as the way that you use it. If you use it in an insecure fashion, it will be insecure. The shortcoming is not a result of being "cryptographically unsophisticated." I'm not about to sit here and claim to be an international authority on the subject of cryptography. However, I have more than my fair share of experience in the field. I've read the books, attended the seminars, taken the classes, had memberships at one time or another in probably six or eight security related organizations, etc., etc., etc. At no time have I ever claimed that my implementation of OTP is the cryptographic magic bullet, so to speak. If you use it correctly, it will serve you in good stead. If you use it incorrectly, well, you're doing it at your own risk. Taking all of that into account, that you would make assumptions about my level of cryptographic sophistication without knowing me or anything about me, I find rather disturbing.
___________________
Kurt

In reply to Re: Re: Web Cryptomatic by sifukurt
in thread Web Cryptomatic by oakbox

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.