I am also not an encryption guru. I looked at specs for the module that you are using based on RC4 and it appears that this provides pretty good security. There are a *lot* of encryption methods and I can't recommend one over another. I personally would not assume that a few years old means "bad". I think all of these robust algorithms are going to generate binary bits (including non-printable characters).

You say "what I'm most interested is that the encrypted password is comprised of a string of text, rather than a binary glob". One simple idea would be to just uuencode this binary bunch of bits so that you can store it as printable ASCII in the DB and then uudecode it back to the binary in order to run through the decrypt process which will also result in ASCII. It just seems to me that you can continue to use something that you are familiar with, the new thing being storing the encrypted binary text as a uuencoded string (printable ASCII) instead of raw binary.

Just a thought from a non-security guy. I am quite sure that this discussion can get into literally mind-numbing detail. How much work you put into this has a lot to do with how important the information is and how determined the "bad guys" are at getting it. I would suspect that the pass phrase encryption algorithm is not the weakest link in the security chain.


In reply to Re: Crypt::CipherSaber replacement... Crypt::CBC? by Marshall
in thread Crypt::CipherSaber replacement... Crypt::CBC? by skazat
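
The uuencode round trip suggested in the reply above, as an added Perl example that is not part of the original post. The byte string is a constructed stand-in for the cipher output, and to_text / from_text are hypothetical helper names.

```perl
use strict;
use warnings;

# Constructed stand-in for cipher output: every byte value 0..255 once,
# so non-printable and high-bit bytes are all covered.
my $ciphertext = join '', map { chr } 0 .. 255;

# Binary -> printable ASCII. pack 'u' emits lines of up to 45 input
# bytes, each ending in "\n", so the DB column must preserve newlines.
sub to_text {
    my ($bytes) = @_;
    return pack 'u', $bytes;
}

# Printable ASCII -> the original bytes, ready for the decrypt step.
sub from_text {
    my ($text) = @_;
    return unpack 'u', $text;
}

my $stored = to_text($ciphertext);

# Every stored character must be printable ASCII or the line terminator.
die "non-printable character in encoded form\n"
    if $stored =~ /[^\x20-\x7e\n]/;

# Decoding must give back exactly the bytes that went in.
my $restored = from_text($stored);
die "round trip changed the data\n" unless $restored eq $ciphertext;

printf "binary: %d bytes, stored text: %d chars in %d lines\n",
    length $ciphertext, length $stored, ($stored =~ tr/\n//);
```

The encoding only changes representation: it adds no secrecy and grows the stored value by roughly a third, so the column has to be sized for the encoded length.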
