[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Omaha.pm] Fwd: Crypt::Tea

To: omaha-pm@pm.org
Subject: [Omaha.pm] Fwd: Crypt::Tea
From: Jay Hannah <jay@jays.net>
Date: Fri, 3 Dec 2004 20:14:55 -0600
Cc:
List-archive: <http://mail.pm.org/archives/omaha-pm>
List-help: <mailto:omaha-pm-request@mail.pm.org?subject=help>
List-id: "Perl Mongers of Omaha, Nebraska USA" <omaha-pm.mail.pm.org>
List-post: <mailto:omaha-pm@mail.pm.org>
List-subscribe: <http://www.pm.org/mailman/listinfo/omaha-pm>, <mailto:omaha-pm-request@mail.pm.org?subject=subscribe>
List-unsubscribe: <http://www.pm.org/mailman/listinfo/omaha-pm>, <mailto:omaha-pm-request@mail.pm.org?subject=unsubscribe>
Reply-to: "Perl Mongers of Omaha, Nebraska USA" <omaha-pm@mail.pm.org>

The Man responds...

j

--------------
From: pjbillam@pjb.com.au
Date: December 3, 2004 1:51:03 PM CST
To: jay@jays.net
Subject: Re: Crypt::Tea
Reply-To: pjbillam@pjb.com.au

Greetings Jay,

great to hear from you, and I'm glad I've been able to be helpful!

We painted ourselves into a corner on a huge project with a tiny flaw.
I thought to myself -- what I really need is some tiny Perl gizmo that
would allow me to encrypt an integer, let me hand that off to the web
client's browser (into a cookie), and be able to decrypt it when it
comes back to the web server. (So they can't jack w/ the integer in
their browser.) I had never used such a thing before.


And Crypt::Tea is one of the very few ways of doing it.  The hard part
about Crypt::Tea is maintaining compatible encryption engines in Perl
and in Javascript.   Every browser is quirky (in fact there's currently

a problem with "Konqueror 5.0 (compatible; Konqueror/3.1; Linux)",though

the "3.2" subversion is fine)  but Crypt::Tea now runs perfectly on all
the major browsers.

5 minutes on CPAN and I stumbled into Crypt::Tea.
   http://search.cpan.org/~pjb/Crypt-Tea-2.04/Tea.pm


I maintain an HTML page at  http://www.pjb.com.au/comp/tea.html

$key = '18*71^asdj 1$$![&.={[ 0182312m'; my $secret = "My secret!shhh!";
for (1..20) { push @secrets, encrypt($secret, $key); }
foreach (@secrets) { print "$_ -> "; print decrypt($_, $key); print"\n"; }
...
mgb7NpXEhmY_DcnWFs6_thmm8dEmW2zz -> My secret! shhh!
QCOd3vpp6QZjD__c25nJtVlQ_sfT-rMm -> My secret! shhh!
eapzrEU30v1y8Lqo53QW6R51y2QVvA2J -> My secret! shhh!
WKgMDakGJjofJCPcSmsFTKHLvlsllokc -> My secret! shhh!
... etc ...


The reason why the cyphertext is different every time is that the
encryption works on 8-byte blocks, so your plaintext has to be padded
out to an 8-byte multiple. This padding is done with random bits so as
not to hand the intruder a free known-plaintext attack.

Awesome. I love Perl + CPAN.


I love Perl too, because I have yet to meet anything that needs to be
done on a computer that Perl can't do.  CPAN is a great global community
achievement.  My main gripe with it arises when every module you need
to install has a prerequisite of several other modules, and so on ..
So in my modules I've try to minimise dependencies.

My favourite among my modules is Term::Cluiwww.pjb.com.au/comp/clui.html


Somewhere on CPAN there is a page where you can vote for modules; when
they get enough votes, they get included on the ModuleList and things
like that.  So if you like Crypt::Tea, feel free to give it a vote :-)

Good to hear from you,  Regards,  Peter Billam

Peter Billam   www.pjb.com.au   pjbillam@pjb.com.au   (03) 6278 9410
GPO Box 669, Hobart TAS 7001, Australia.  Original compositions made
to be played, arrangements of Bach, Schubert, Brahms... Free Music !

Prev by Date: [Omaha.pm] || quickie
Next by Date: [Omaha.pm] Re: Omaha-pm Digest, Vol 7, Issue 10
Previous by thread: [Omaha.pm] 'Practical mod_perl' book goes opensource
Next by thread: [Omaha.pm] Re: Omaha-pm Digest, Vol 7, Issue 10
Index(es):
- Date
- Thread