The streaming interface isn't bad, but a module that used XS and could process the text in chunks would be faster. Also, be aware that CipherSaber uses symmetric encryption, so there's a shared secret key.

Finally, I haven't touched the code in at least two and a half years; I might do it much differently these days.

Thanks for the comments,

In fact CipherSaber is not alone when it comes to lack of activity! Most of the crypt modules haven't been touched in some time.

jdtoronto

You have a bit of a problem in that last time I looked ActiveState had dropped support for the Crypt:: modules due to legal issues. See here on ASPN which gives you apologies and links to Randy Kobes repository. I don't know if CipherSaber is available as a ppm or not. That repository is down at the moment. I do know it is Pure Perl and as a result it will quite probably be a lot slower than C/XS based modules. Also a ppm is fairly redundant.

In terms of speed why not check yourself? Symetric ciphers are much faster that public/private key algorithms (PKI), in fact things like PGP only use PKI (RSA in that case) to encrypt the key. The rest of the plaintext is encoded with IDEA which is a symetric cipher. With a symetric cipher you have to share the secret key of course. Also you need a key length of about 3N with PKI to get roughly the same security as a symetric cipher key length N. Yes this is a generalisation. No my crypto is not good enough to prove it. I tend to use Blowfish but that is really only because I thought the name was kinda funky ;-) PGP is probably a good option if you want an assymetric PKI. IDEA is probably as good as any in practice for a symmetric.

But what can I say, I get really strange images in my head, and a wierd grin on my face, every time I use Blowfish :=) Twofish is also good, but I like fishing. Twofish2 is less brain dead, or so the author says, and it does have a certain symmetry. Given that 99.99%+ of us have no real idea how secure a cryptosystem is I think choosing a module based on the funkiness of the name is as good an algorithm as most.

I don't know if CipherSaber is available as a ppm or not.

Yes it is. I was able to install it from the PPM (ActiveState Perl Build 810 (Perl 5.8.4)


TStanley
--------
The only thing necessary for the triumph of evil is for good men to do nothing -- Edmund Burke

Thanks tachyon,

Yeah, some of the names are really neat eh? I have been using Blowfish in my **nix stuff for a while now. But this app requires cross platform compatibility (we have users on all major Perl platforms with this app).

One of my colleagues who does FPGA stuff for me has an implementation of Rijndael running in an Altera Stratix device which we use for secure data transmission over fibre, we have also done Twofish and Blowfish which some clients prefer. We have a somewhat advanced cordless phone prototype here - it is called the 'Blow-Phone' - guess which encryption stadard it uses :)

For whatever reason it seems that things have changed at ActiveState. I checked last night and they have a variety of Crypt:: modules there now, including CipherSabre, Twofish, DES and TripleDES. CipherSabre I was able to instyall, the others - no, sadly. They seem to be listed by the repository but not actually available.

jdtoronto

Crypt::CipherSaber is a stream cipher based on RC4. RC4 has some vulnerabilities. Also, it is easy to misuse stream cipher and lose the security; this is what happened with the design of WEP. The advantage is that it is fast, simple, and implemented in Perl.

Crypt::Rijndael is an XS implementation and should really fast. Crypt::Rijndael_PP is a pure Perl implementation but it is supposed to be slow. If you can install XS modules, I would go with Crypt::Rijndael and not worry about the security.