Reviews by Reto


Crypt-Lite (0.82.07) ****

As emphasised on CPANs documentation, Crypt::Lite is *not* designed to act as a competitor for the strong algorithms like Rijndael or Blowfish where Rijndael has been elected as the Advanced Encryption Standard (AES) by NIST (See

That user opinion cited Bruce Schneier "...won't stop a cryptanalyst for more than a few minutes.". Well that's true (and well-known) for trivial XOR encryption. Although I think the "few minutes" is a very imprecise conlusion since some certain requirements had to be met; I recommend Simon Singh's "Geheime Botschaften", ISBN: 3-423-33071-6 as a good reading on that matter (also available in English).

[ The documentation suggests using "double or tripple-encryption

with any data to increase the security." However, multiply

encrypting with XOR cannot possibly increase security -- it's the

same as XORing once with the XOR of the two keys used. ]

Wrong for Crypt::Lite.

I'd assume it is pretty challenging to decrypt, even for a crypto analyst and it would take weeks to make the first guesses. In the case the crypto analyst knows it's a German or English sentence, and not "any string".

Again, Crypt::Lite has many other useful purposes than to be a competitor for AES algorithms but in my humble opinion, it should be safe enough, even for sending encrypted passwords over the net.

[ Amazingly, the secret key is included as part of every encrypted

message. That can't be a good idea. ]

The usage of the secret string has a specific intentation. This part of the procedure is beeing improved as o releae 0.82.08.

[ Due to an apparent implementation bug, Crypt::Lite throws away

7/8ths of the secret key. ]

I don't understand the issue.
I never noticed such a problem.