Nik has asked for the wisdom of the Perl Monks concerning the following question:

#!/usr/bin/perl
$toBeEncrypted = "hi there";
$key = "nikos";
$encrypted = $toBeEncrypted ^ $key;
print "encrypted = $encrypted\n";
$decrypted = $encrypted ^ $key;
print "decrypted = $decrypted\n";

I made the above script as a test and it works OK, but I don't understand how the '^' works to get the original text encrypted after applying the $key. It must be something with the bits, I think. Do you know anything more on this?

Replies are listed 'Best First'.
Re: Simple Encryption question
by crashtest (Curate) on Apr 10, 2005 at 21:04 UTC
    The ^ operator does bitwise XOR, and you're doing something called XOR encryption. Check the web for explanations on how it works.

    In my experience, programs that need to "casually" encrypt some data will use this algorithm, because it is so simple to implement. For instance, I have a telnet program that stores configuration information (including the password) in a plain text file. It uses XOR encryption to encode the password in the file.

    One of the biggest weaknesses of this method is that if you can get a hold of both the encrypted and the unencrypted version of a value, you can decode the key using XOR as well:
    #!/usr/bin/perl
    $toBeEncrypted = "hi there";
    $key = "nikos";
    $encrypted = $toBeEncrypted ^ $key;
    print $encrypted ^ $toBeEncrypted; # Prints "nikos"
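
An added example (not part of the thread or of any monk's reply), using the values from Nik's script: it shows byte by byte what Perl's string `^` does, why XORing with the key a second time returns the original, and what that means for using it as encryption. The helper `hex_bytes` and the variable names are this example's own.

```perl
#!/usr/bin/perl
# Added illustration, not code from the thread.
use strict;
use warnings;

my $plain = "hi there";   # 8 bytes, value from the original question
my $key   = "nikos";      # 5 bytes, value from the original question

# Render a byte string as space-separated hex so NUL bytes are visible.
sub hex_bytes {
    my ($s) = @_;
    return join ' ', map { sprintf('%02x', ord($_)) } split(//, $s);
}

# On two strings, ^ works byte by byte. The shorter operand is padded
# with NUL bytes; it is NOT repeated to cover the longer one.
my $cipher = $plain ^ $key;
printf "plain     %s\n", hex_bytes($plain);
printf "key       %s\n", hex_bytes($key);
printf "cipher    %s\n", hex_bytes($cipher);

# (p ^ k) ^ k == p, because k ^ k == 0 and p ^ 0 == p for every bit.
my $roundtrip = $cipher ^ $key;
print "round trip restores the plaintext\n" if $roundtrip eq $plain;

# Consequence 1: bytes past the key length were XORed with NUL, so they
# sit in the "encrypted" string unchanged.
my $tail = substr($cipher, length($key));
printf "bytes left unencrypted: %s\n", $tail;

# Consequence 2 (crashtest's point): cipher ^ plain returns the key,
# followed by NUL padding where the key ran out.
my $recovered = $cipher ^ $plain;
printf "recovered %s\n", hex_bytes($recovered);
(my $trimmed = $recovered) =~ s/\0+\z//;
print "key recovered from one known plaintext\n" if $trimmed eq $key;

# Repeating the key to the plaintext length covers every byte, but the
# repeated key falls out of a known plaintext in exactly the same way.
my $reps     = 1 + int(length($plain) / length($key));
my $long_key = substr($key x $reps, 0, length($plain));
my $cipher2  = $plain ^ $long_key;
printf "cipher2   %s\n", hex_bytes($cipher2);
print "repeated key recovered as well\n"
    if ($cipher2 ^ $plain) eq $long_key;
```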
Re: Simple Encryption question
by moot (Chaplain) on Apr 10, 2005 at 19:02 UTC
    You may want to look up what Exclusive-Or means. You don't want to use it for encryption.
Re: Simple Encryption question
by cazz (Pilgrim) on Apr 11, 2005 at 00:54 UTC
    PLEASE PLEASE PLEASE do not roll your own encryption. If you want encryption, use one of the many decent well known and well tested crypto systems.

    Crypt::CBC is a good place to start.

      There are even a few Pure Perl implementations, in case you can't install XS-based modules — for example, because it's not your own system. Check for the substring "PP" in the module/distribution name: try a CPAN search for crypt PP.

      Pure Perl modules usually don't require proper "installation".

        This post proves that reading a thread entirely rewards you 99% of the time; you can never tell where you're going to really learn something new. ++!

        Flavio (perl -e "print(scalar(reverse('ti.xittelop@oivalf')))")

        Don't fool yourself.
Re: Simple Encryption question
by Joost (Canon) on Apr 10, 2005 at 19:05 UTC
Re: Simple Encryption question
by zentara (Cardinal) on Apr 11, 2005 at 12:55 UTC
    Think your keys are safe? Here is an interesting article on how the Secret Service is cracking encryption: Distributed cracking.

    Basically, people will almost always leave either the key or a fragment of the key "somewhere" on their hard drive. This can be totally unintentional, like using some high school friend's name as a key, then having the name in an address book or old email somewhere. The distributed technique will find every unique word in your filesystem and, using a "seti-style distributed attack", will try every word against your encrypted binary. This would also be useful in finding gpg-secret-key passwords.


    I'm not really a human, but I play one on earth. flash japh