| Name : perl-Crypt-OTP
| |
| Version : 2.00
| Vendor : obs://build_opensuse_org/devel:languages:perl
|
| Release : 7.70
| Date : 2024-08-05 19:43:34
|
| Group : Development/Libraries/Perl
| Source RPM : perl-Crypt-OTP-2.00-7.70.src.rpm
|
| Size : 0.01 MB
| |
| Packager : (none)
| |
| Summary : Perl implementation of the One Time Pad (hence, OTP) encryption method
|
Description :
The One Time Pad encryption method is very simple, and impossible to crack
without the actual pad file against which the to-be-encrypted message is
XOR\'ed. Encryption and decryption are performed using excactly the same
method, and the message will decrypt correctly only if the same pad is used
in decryption as was use in encryption.
The safest method of use is to use a large, semi-random text file as the
pad, like so:
$ciphertext = OTP( \"my_pad.txt\", $message );
However, I\'ve also implemented a second method which does not rely on an
external pad file, though this mathod is substantially less secure.
$less_secure = OTP( \"This text takes the place of my pad file\", $message, 1
);
In this example, the \"1\" instructs the OTP sub-routine to use the contents
of the first element as the pad, rather than the default method which is to
use the first element as the name of the external pad file.
If the file specified using the first method does not exist, OTP returns
zero. In all other cases, OTP returns the XOR\'ed message.
A few important points should be made about key management. First and most
importantly, it should be noted that using the method where the pad is
passed as a string (i.e., setting the mode to a non-zero value) is
tremendously unsecure unless you use a non-repeating sequence that is at
least as long as the message to be encrypted. I\'ve had some lively debate
with others on this point, but I stand firmly by the notion that key
management is left as an exercise for the user. The purpose of this module
is to provide One Time Pad encryption, not to provide key management for
same, which is, unquestionably, a separate task. As with any encryption
method, IF YOU USE IT IN AN UNSECURE FASHION, IT WILL BE UNSECURE. In any
case, best practice is to use a pad that contains a pseudo-random set of
data with a period greater than or equal to the length of the message to be
encrypted. Why \"pseudo-random\"? Simple. Any random number generator (i.e.,
the rand() function in perl) that isn\'t specifically stated to be
cryptographically secure, will eventually repeat its sequence of random
numbers. As such, if for example your random number generator starts
repeating its sequence after, say, 100 numbers, messages of less than 100
characters will be fairly secure. However, encrypted messages greater than
100 characters would be considered weak, because they would be encrypted
with a pad that displays a repeating sequence. If you are uncomfortable
with doing your own key management, then this is probably not the module
for you. If you take proper precautions with your pad/key, Crypt::OTP will
serve you in good stead. Use this module at your own risk, and use the
utmost care with managing your keys.
|
RPM found in directory: /packages/linux-pbone/ftp5.gwdg.de/pub/opensuse/repositories/devel:/languages:/perl:/CPAN-C/openSUSE_Tumbleweed/noarch |
