Reviews by Reto

cpanratings
 

RSS

Crypt-Lite (0.82.07) ****

As emphasised on CPANs documentation, Crypt::Lite is *not* designed to act as a competitor for the strong algorithms like Rijndael or Blowfish where Rijndael has been elected as the Advanced Encryption Standard (AES) by NIST (See csrc.nist.gov/CryptoToolkit/aes/aesfa....

That user opinion cited Bruce Schneier "...won't stop a cryptanalyst for more than a few minutes.". Well that's true (and well-known) for trivial XOR encryption. Although I think the "few minutes" is a very imprecise conlusion since some certain requirements had to be met; I recommend Simon Singh's "Geheime Botschaften", ISBN: 3-423-33071-6 as a good reading on that matter (also available in English).

[ The documentation suggests using "double or tripple-encryption

with any data to increase the security." However, multiply

encrypting with XOR cannot possibly increase security -- it's the

same as XORing once with the XOR of the two keys used. ]

Wrong for Crypt::Lite.

I'd assume it is pretty challenging to decrypt, even for a crypto analyst and it would take weeks to make the first guesses. In the case the crypto analyst knows it's a German or English sentence, and not "any string".

Again, Crypt::Lite has many other useful purposes than to be a competitor for AES algorithms but in my humble opinion, it should be safe enough, even for sending encrypted passwords over the net.

[ Amazingly, the secret key is included as part of every encrypted

message. That can't be a good idea. ]

The usage of the secret string has a specific intentation. This part of the procedure is beeing improved as o releae 0.82.08.

[ Due to an apparent implementation bug, Crypt::Lite throws away

7/8ths of the secret key. ]

I don't understand the issue.
I never noticed such a problem.

Reto - 2006-09-15T07:32:57 (permalink)

2 out of 6 found this review helpful. Was this review helpful to you?  Yes No