Reviews by Some Guy


Crypt-OTP (2.00) *

The author seems to suggest that the output of rand() might be a good way to generate one-time pads. This is not true. One-time pads must be Truly Random, not merely pseudorandom. If you generate your pad with rand(), you are in essence using rand() as an encryption algorithm, which is something it was never intended to be.

Furthermore, the author neglects to mention that a one-time pad must never be used more than once. That is why it is called a one-time pad. If you ever reuse the pad, you completely lose any guarantee of security. Note that Crypt::OTP will silently reuse the pad if the message is too long.

Crypt-Lite (0.82.06) *

DO NOT USE. This is a poor implementation of Simple XOR encryption. To quote Bruce Schneier from Applied Cryptography, "An XOR might keep your kid sister from reading your files, but it won't stop a cryptanalyst for more than a few minutes."

The documentation suggests using "double or tripple-encryption with any data to increase the security." However, multiply encrypting with XOR cannot possibly increase security -- it's the same as XORing once with the XOR of the two keys used.

Due to an apparent implementation bug, Crypt::Lite throws away 7/8ths of the secret key.

Amazingly, the secret key is included as part of every encrypted message. That can't be a good idea.

The module also can't tolerate tabs in the plaintext or secret key strings.
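The two XOR properties these reviews rely on, checked in Python: stacked XOR passes collapse into a single key, and a pad that wraps around cancels out of the ciphertext. This is an added example, not code from Crypt::OTP, Crypt::Lite or the reviewer; `xor_repeat`, `combined_key` and `self_xor` are hypothetical helper names for a generic repeating-key XOR, and every key, pad and message is a constructed sample value.

```python
from itertools import cycle
from math import gcd
import secrets


def xor_repeat(data: bytes, key: bytes) -> bytes:
    """Generic simple XOR: the key repeats when the data is longer than it."""
    return bytes(d ^ k for d, k in zip(data, cycle(key)))


def combined_key(k1: bytes, k2: bytes) -> bytes:
    """The one key equivalent to XORing with k1 and then with k2."""
    n = len(k1) * len(k2) // gcd(len(k1), len(k2))  # lcm of the key lengths
    return bytes(a ^ b for a, b, _ in zip(cycle(k1), cycle(k2), range(n)))


def self_xor(data: bytes, shift: int) -> bytes:
    """XOR each byte with the byte `shift` positions later."""
    return bytes(a ^ b for a, b in zip(data, data[shift:]))


def double_equals_single(msg: bytes, k1: bytes, k2: bytes) -> bool:
    """'Double encryption' with XOR is one XOR pass under combined_key."""
    twice = xor_repeat(xor_repeat(msg, k1), k2)
    return twice == xor_repeat(msg, combined_key(k1, k2))


def wrapped_pad_cancels(msg: bytes, pad: bytes) -> bool:
    """If the pad wraps, c[i] ^ c[i+len(pad)] equals p[i] ^ p[i+len(pad)]:
    the pad drops out, whatever its bytes are, leaving plaintext XOR plaintext."""
    ct = xor_repeat(msg, pad)
    return self_xor(ct, len(pad)) == self_xor(msg, len(pad))


if __name__ == "__main__":
    # Constructed sample inputs.
    message = b"constructed sample message, longer than the pad"
    print("double XOR == single XOR:",
          double_equals_single(message, b"k3y-one", b"second"))
    # Even a truly random pad gives no protection once it is reused.
    print("wrapped pad cancels out: ",
          wrapped_pad_cancels(message, secrets.token_bytes(8)))
```

Both checks hold for any keys, pad and message, because XOR is associative and every byte is its own inverse.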