artist has asked for the wisdom of the Perl Monks concerning the following question:

I like to pass the encrypted string as URL parameter, so I can decrypt at the other end. I like to use something more than ROT-13. It doesn't have to be very fancy as my string could be between 3 to 20 characters. I am also not passing super-sensitive information here. But I have to announce those strings publicly for usage thereafter. I wish to have GUID like encrypted strings as generated by Data::GUID ( GUIDs are one-way though.) How would I go about it?
Thanks,
--Artist

Replies are listed 'Best First'.
Re: encrypt/decrypt string
by samtregar (Abbot) on Oct 19, 2006 at 17:56 UTC
    There are many encryption modules avaialble on CPAN. I usually reach for Crypt::Blowfish, which is best used via Crypt::CBC. It's a fast algorithm which hasn't been broken yet, as far as I know.

    -sam

[reply]
      Thanks, It works for me finally. I wanted to pass the hex character instead of random ascii characters. encrypt_hex and decrypt_hex did the job.
      --Artist
[reply]
      I like to have fix number of characters (for example: 20 Hex digits) in the encrypted string.
      --Artist
[reply]
        That strikes me as a silly thing to want in this context. There's no reason URLs need to be a fixed length and trust me, Blowfish isn't any weaker for producing variable length output.

        -sam

[reply]
        Blowfish *does* encrypts a fixed number of input characters to a fixed number of output characters.
[reply]
Re: encrypt/decrypt string
by kwaping (Priest) on Oct 19, 2006 at 18:43 UTC
    You might like MIME::Base64::URLSafe. While it's an encoding and not an encryption, it will at least make your text unreadable to the casual observer.

    I know people are going to harp on this, so I'm going to reitrate that Base64 encoding shouldn't be considered encryption. It's basically an obfuscation of the data, at most.

    ---
    It's all fine and dandy until someone has to look at the code.
[reply]
Re: encrypt/decrypt string
by davido (Cardinal) on Oct 19, 2006 at 17:57 UTC

    What are you trying to accomplish by passing the encrypted strings in the URL? Is this for session management? Login info?

    I think there may be some good strategies out there, but need more information. I'm not so much interested in how you want to implement the encryption. I'm asking what it's for.


    Dave

[reply]
      I am passing the login info and like to publish RSS feed for given user. I like to have fix number of characters in the encrypted string.
      --Artist
[reply]

        I thought you might be passing login info. Once the client has logged in, you don't need to pass the info back and forth anymore; just pass an encrypted session ID, and store any other sensitive info on the server. You would probably benefit from CGI::Session, and one of its session ID helper modules such as CGI::Session::ID::MD5 (which uses Digest::MD5).


        Dave

[reply]
Re: encrypt/decrypt string
by ikegami (Patriarch) on Oct 19, 2006 at 19:18 UTC
    GUIDs are neither encrypted nor one-way.
[reply]

Back to Seekers of Perl Wisdom