[Omaha.pm] Fwd: Crypt::Tea

[Jay Hannah]

The Man responds...

j

--------------
From: pjbillam at pjb.com.au
Date: December 3, 2004 1:51:03 PM CST
To: jay at jays.net
Subject: Re: Crypt::Tea
Reply-To: pjbillam at pjb.com.au

Greetings Jay,

great to hear from you, and I'm glad I've been able to be helpful!

> We painted ourselves into a corner on a huge project with a tiny flaw.
> I thought to myself -- what I really need is some tiny Perl gizmo that
> would allow me to encrypt an integer, let me hand that off to the web
> client's browser (into a cookie), and be able to decrypt it when it
> comes back to the web server. (So they can't jack w/ the integer in
> their browser.) I had never used such a thing before.

And Crypt::Tea is one of the very few ways of doing it.  The hard part
about Crypt::Tea is maintaining compatible encryption engines in Perl
and in Javascript.   Every browser is quirky (in fact there's currently
a problem with "Konqueror 5.0 (compatible; Konqueror/3.1; Linux)", 
though
the "3.2" subversion is fine)  but Crypt::Tea now runs perfectly on all
the major browsers.

> 5 minutes on CPAN and I stumbled into Crypt::Tea.
>    http://search.cpan.org/~pjb/Crypt-Tea-2.04/Tea.pm

I maintain an HTML page at  http://www.pjb.com.au/comp/tea.html

> $key = '18*71^asdj 1$$![&.={[ 0182312m'; my $secret = "My secret! 
> shhh!";
> for (1..20) { push @secrets, encrypt($secret, $key); }
> foreach (@secrets) { print "$_ -> "; print decrypt($_, $key); print 
> "\n"; }
> ...
> mgb7NpXEhmY_DcnWFs6_thmm8dEmW2zz -> My secret! shhh!
> QCOd3vpp6QZjD__c25nJtVlQ_sfT-rMm -> My secret! shhh!
> eapzrEU30v1y8Lqo53QW6R51y2QVvA2J -> My secret! shhh!
> WKgMDakGJjofJCPcSmsFTKHLvlsllokc -> My secret! shhh!
> ... etc ...

The reason why the cyphertext is different every time is that the
encryption works on 8-byte blocks, so your plaintext has to be padded
out to an 8-byte multiple. This padding is done with random bits so as
not to hand the intruder a free known-plaintext attack.

> Awesome. I love Perl + CPAN.

I love Perl too, because I have yet to meet anything that needs to be
done on a computer that Perl can't do.  CPAN is a great global community
achievement.  My main gripe with it arises when every module you need
to install has a prerequisite of several other modules, and so on ..
So in my modules I've try to minimise dependencies.

My favourite among my modules is Term::Clui 
www.pjb.com.au/comp/clui.html

Somewhere on CPAN there is a page where you can vote for modules; when
they get enough votes, they get included on the ModuleList and things
like that.  So if you like Crypt::Tea, feel free to give it a vote :-)

Good to hear from you,  Regards,  Peter Billam

Peter Billam   www.pjb.com.au   pjbillam at pjb.com.au   (03) 6278 9410
GPO Box 669, Hobart TAS 7001, Australia.  Original compositions made
to be played, arrangements of Bach, Schubert, Brahms... Free Music !