Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

Dear Monks: I am trying to use Crypt::Simple to encrypt some data. However I get the same results whether I use a passphrase or not. As a matter of fact the passphrase seems to be irrelevant. I was under the impression that I should get different results if I use a different passphrase. What am I missing. Thanks a lot. 
  use Crypt::Simple (passphrase=>'myTestPhrase');
  
  my $data = encrypt("Here we go");
  print "Encrypted: $data\n";
  use Crypt::Simple (passphrase=>'Another_tEst_Trial');
  my $samething = decrypt($data);
  print "Decrypted: $samething\n";

[download]

Replies are listed 'Best First'.
Re: Crypt::Simple Passphrase Issue
by liverpole (Monsignor) on May 17, 2006 at 12:57 UTC
    Looking at the documentation for Crypt::Simple, it is apparently only the encryption phase which takes a passphrase.  Therefore, it appears you will always get your encrypted data successfully decrypted when using decrypt.

    That's not to say the passphrase doesn't matter, though.  You can verify that using a different passphrase produces different results: 

    #!/usr/bin/perl -w
                                                                      
+          
use strict;
use warnings;
                                                                      
+          
use Crypt::Simple qw(encrypt decrypt);
                                                                      
+          
my $data1 = encrypt("Here we go", passphrase => 'myTestPhrase');
my $data2 = encrypt("Here we go", passphrase => 'AnotherTestPhrase');
print "Encrypted(1): $data1\n";
print "Encrypted(2): $data2\n";
                                                                      
+          
my $result1 = decrypt($data1);
my $result2 = decrypt($data2);
print "Decrypted(1): $result1\n";
print "Decrypted(2): $result2\n";

    [download]
    which produces ... 
    Encrypted(1): Qf9g4cqQ/6xXgqvcPLJA6u9PZ4jPgegPrsBCsFaPch3LDsaN6TjN6xjL
+jebw4yPFNO2rEBTUgISSkiX1v2Aelt4qmHFcd6nF
Encrypted(2): qymmKtF/LXb+HIZe6ZCFS8xtLadYkS+09dZ8zxAvL+r9Rw+GjkeBMc8y
+e++Yl/s/DxJppvKQm2ToJ78mENTuxcc8fUMrKdZbHuWGiMBxgK0=
Decrypted(1): Here we go
Decrypted(2): Here we go

    [download]
    s''(q.S:$/9=(T1';s;(..)(..);$..=substr+crypt($1,$2),2,3;eg;print$..$/
[reply]
[d/l]
[select]
      Thanks Liverpole for the quick reply. But does not that defeat the whole purpose of a passphrase? The data should only be decrypted if the correct passphrase is provided. Otherwise, anybody can read it! Am I missing anything here?
[reply]

        Crypt::Simple only allows one passphrase per program invocation (or per module it is used in), if you use the passphrase => syntax. Try it maybe with the passfile or prompt option instead.

[reply]
[d/l]
[select]

Back to Seekers of Perl Wisdom