… | |
… | |
74 | authenticated encryption - Crypt::Spritz::AEAD |
74 | authenticated encryption - Crypt::Spritz::AEAD |
75 | |
75 | |
76 | THE Crypt::Spritz CLASS |
76 | THE Crypt::Spritz CLASS |
77 | This class implements most of the Spritz primitives. To use it |
77 | This class implements most of the Spritz primitives. To use it |
78 | effectively you should understand them, for example, by reading the |
78 | effectively you should understand them, for example, by reading the |
79 | "http://people.csail.mit.edu/rivest/pubs/RS14.pdf" in Spritz paper, |
79 | Spritz paper <http://people.csail.mit.edu/rivest/pubs/RS14.pdf>, |
80 | especially pp. 5-6. |
80 | especially pp. 5-6. |
81 | |
81 | |
82 | The Spritz primitive corresponding to the Perl method is given as |
82 | The Spritz primitive corresponding to the Perl method is given as |
83 | comment. |
83 | comment. |
84 | |
84 | |
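Review bot: The reworded reference on line 79 is still a bare http URL with no title or authors, and this paragraph tells readers they need the paper (pp. 5-6) to use the class effectively. Add the paper's title and authors next to the link so the reference stays findable if the URL stops resolving. The same applies to the identical link under SEE ALSO.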
… | |
… | |
515 | $cleartext = $cipher->decrypt ($encrypted) |
515 | $cleartext = $cipher->decrypt ($encrypted) |
516 | Really the same as "Crypt::Spritz::AEAD::XOR", except you need |
516 | Really the same as "Crypt::Spritz::AEAD::XOR", except you need |
517 | separate calls and code for encryption and decryption, but you have |
517 | separate calls and code for encryption and decryption, but you have |
518 | the same limitations on usage. |
518 | the same limitations on usage. |
519 | |
519 | |
|
|
520 | SECURITY CONSIDERATIONS |
|
|
521 | At the time of this writing, Spritz has not been through a lot of |
|
|
522 | cryptanalysis - it might get broken tomorrow. That's true for any crypto |
|
|
523 | algo, but the probability is quite a bit higher with Spritz. Having said |
|
|
524 | that, Spritz is almost certainly safer than RC4 at this time. |
|
|
525 | |
|
|
526 | Nevertheless, I wouldn't protect something very expensive with it. I |
|
|
527 | also would be careful about timing attacks. |
|
|
528 | |
|
|
529 | Regarding key lengths - as has been pointed out, traditional symmetric |
|
|
530 | key lengths (128 bit, 256 bit) work fine. Longer keys will be overkill, |
|
|
531 | but you can expect keys up to about a kilobit to be effective. Longer |
|
|
532 | keys are safe to use, they will simply be a waste of time. |
|
|
533 | |
|
|
534 | PERFORMANCE |
|
|
535 | As a cipher/prng, Spritz is reasonably fast (about 100MB/s on 2014 era |
|
|
536 | hardware, for comparison, AES will be more like 200MB/s). |
|
|
537 | |
|
|
538 | For key setup, ivs, hashing, nonces and so on, Spritz is very slow |
|
|
539 | (about 5MB/s on 2014 era hardware, which does SHA-256 at about 200MB/s). |
|
|
540 | |
|
|
541 | SUPPORT FOR THE PERL MULTICORE SPECIFICATION |
|
|
542 | This module supports the perl multicore specification |
|
|
543 | (<http://perlmulticore.schmorp.de/>) for all encryption/decryption |
|
|
544 | (non-aead > 4000 octets, aead > 400 octets), hashing/absorbing (> 400 |
|
|
545 | octets) and squeezing/prng (> 4000 octets) functions. |
|
|
546 | |
520 | SEE ALSO |
547 | SEE ALSO |
521 | <http://people.csail.mit.edu/rivest/pubs/RS14.pdf>. |
548 | <http://people.csail.mit.edu/rivest/pubs/RS14.pdf>. |
522 | |
549 | |
523 | SECURITY CONSIDERATIONS |
550 | SECURITY CONSIDERATIONS |
524 | I also cannot give any guarantees for security, Spritz is a very new |
551 | I also cannot give any guarantees for security, Spritz is a very new |
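Review bot: The SECURITY CONSIDERATIONS heading added at new line 520 duplicates the existing section of the same name, which now lands at new line 550 after SEE ALSO. That existing section opens with "I also cannot give any guarantees", so it reads like a continuation of text that comes before it. Merge the added paragraphs into the existing section, or move the existing text up, so the document has one SECURITY CONSIDERATIONS section placed before SEE ALSO. In the added text, "I also would be careful about timing attacks" (lines 526-527) does not say whether the module makes any attempt at constant-time behaviour or what a caller is expected to do about it, so one sentence stating that would make the warning actionable. "as has been pointed out" on line 529 has no referent in the visible text and could be dropped or replaced with a pointer to where the key-length discussion lives.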