As emphasised on CPANs documentation, Crypt::Lite is *not* designed to act as a competitor for the strong algorithms like Rijndael or Blowfish where Rijndael has been elected as the Advanced Encryption Standard (AES) by NIST (See csrc.nist.gov/CryptoToolkit/aes/aesfa....
That user opinion cited Bruce Schneier "...won't stop a cryptanalyst for more than a few minutes.". Well that's true (and well-known) for trivial XOR encryption. Although I think the "few minutes" is a very imprecise conlusion since some certain requirements had to be met; I recommend Simon Singh's "Geheime Botschaften", ISBN: 3-423-33071-6 as a good reading on that matter (also available in English).
[ The documentation suggests using "double or tripple-encryption
with any data to increase the security." However, multiply
encrypting with XOR cannot possibly increase security -- it's the
same as XORing once with the XOR of the two keys used. ]
Wrong for Crypt::Lite.
I'd assume it is pretty challenging to decrypt, even for a crypto analyst and it would take weeks to make the first guesses. In the case the crypto analyst knows it's a German or English sentence, and not "any string".
Again, Crypt::Lite has many other useful purposes than to be a competitor for AES algorithms but in my humble opinion, it should be safe enough, even for sending encrypted passwords over the net.
[ Amazingly, the secret key is included as part of every encrypted
message. That can't be a good idea. ]
The usage of the secret string has a specific intentation. This part of the procedure is beeing improved as o releae 0.82.08.
[ Due to an apparent implementation bug, Crypt::Lite throws away
7/8ths of the secret key. ]
I don't understand the issue.
I never noticed such a problem.
2 out of 6 found this review helpful. Was this review helpful to you? Yes No