in reply to Re: Fastest Encrypt/Decrypt
in thread Fastest Encrypt/Decrypt

Note, that when using RC4 you should never use one key twice, so maybe this is not a best choice.

Update: just a little demonstration of the problem:

use strict;
use warnings;
use Crypt::RC4::XS;

my $line1 = pack 'a32', '';
my $line2 = pack 'a32', 'some secret data';
my $enc1 = RC4('password', $line1);
my $enc2 = RC4('password', $line2);
my $xor = $enc1 ^ $enc2;
print "Result: $xor\n";
__END__
Result: some secret data

[download]

Replies are listed 'Best First'.
Re^3: Fastest Encrypt/Decrypt
by almut (Canon) on Jan 16, 2009 at 20:26 UTC
    you should never use one key twice, so maybe this is not a best choice.

    Yes, this is a (rather well-known) property of the algorithm, which immediately follows from the underlying XORing used.

    However, this doesn't necessarily mean it would be a bad choice, as the 'problem' can easily be worked around using some salting mechanism, which would provide one-time keys, while still allowing the same passphrase to be used multiple times.

    For example, just compute the key from the passphrase plus some nonce using a one-way hash function such as MD5. The nonce is stored/transmitted together with the data.  (The RC4 algorithm has a few other more subtle problems, but for the moderate security needs as requested here, they're pretty much irrelevant.)

[reply]

      Yes problem is solvable, I just drew OP attention to it. Solution is simple, but it requires some accuracy and understanding of the problem.

[reply]

In Section Seekers of Perl Wisdom