… | |
… | |
80 | |
80 | |
81 | package Crypt::Spritz; |
81 | package Crypt::Spritz; |
82 | |
82 | |
83 | use XSLoader; |
83 | use XSLoader; |
84 | |
84 | |
85 | $VERSION = '0.1'; |
85 | $VERSION = 0.2; |
86 | |
86 | |
87 | XSLoader::load __PACKAGE__, $VERSION; |
87 | XSLoader::load __PACKAGE__, $VERSION; |
88 | |
88 | |
89 | @Crypt::Spritz::ISA = Crypt::Spritz::Base::; |
89 | @Crypt::Spritz::ISA = Crypt::Spritz::Base::; |
90 | |
90 | |
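Review bot: On line 85 the version goes from the quoted string '0.1' to the bare numeric literal 0.2, and line 87 passes that value straight to XSLoader::load. A numeric literal drops trailing zeros when it is stringified, so a later release written as 0.10 would be seen as 0.1. Suggest keeping the quoted form used before, `$VERSION = '0.2';`, so the version is carried exactly as written.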
… | |
… | |
117 | |
117 | |
118 | =head2 THE Crypt::Spritz CLASS |
118 | =head2 THE Crypt::Spritz CLASS |
119 | |
119 | |
120 | This class implements most of the Spritz primitives. To use it effectively |
120 | This class implements most of the Spritz primitives. To use it effectively |
121 | you should understand them, for example, by reading the L<Spritz |
121 | you should understand them, for example, by reading the L<Spritz |
122 | paper/http://people.csail.mit.edu/rivest/pubs/RS14.pdf>, especially |
122 | paper|http://people.csail.mit.edu/rivest/pubs/RS14.pdf>, especially |
123 | pp. 5-6. |
123 | pp. 5-6. |
124 | |
124 | |
125 | The Spritz primitive corresponding to the Perl method is given as |
125 | The Spritz primitive corresponding to the Perl method is given as |
126 | comment. |
126 | comment. |
127 | |
127 | |
… | |
… | |
442 | These methods are provided for L<Crypt::CBC> compatibility and simply |
442 | These methods are provided for L<Crypt::CBC> compatibility and simply |
443 | return C<32> and C<64>, respectively. |
443 | return C<32> and C<64>, respectively. |
444 | |
444 | |
445 | Note that it is pointless to use Spritz with L<Crypt::CBC>, as Spritz is |
445 | Note that it is pointless to use Spritz with L<Crypt::CBC>, as Spritz is |
446 | not a block cipher and already provides an appropriate mode. |
446 | not a block cipher and already provides an appropriate mode. |
|
|
447 | |
|
|
448 | =back |
|
|
449 | |
|
|
450 | |
|
|
451 | =head2 THE Crypt::Spritz::Cipher CLASS |
|
|
452 | |
|
|
453 | This class is pretty much the same as the C<Crypt::Spritz::Cipher::XOR> |
|
|
454 | class, with two differences: first, it implements the "standard" Spritz |
|
|
455 | encryption algorithm, and second, while this variant is easier to analyze |
|
|
456 | mathematically, there is little else to recommend it for, as it is slower, |
|
|
457 | and requires lots of code duplication code. |
|
|
458 | |
|
|
459 | So unless you need to be compatible with another implementation that does |
|
|
460 | not offer the XOR variant, stick to C<Crypt::Spritz::Cipher::XOR>. |
|
|
461 | |
|
|
462 | All the methods from C<Crypt::Spritz::Cipher::XOR> are available, except |
|
|
463 | C<crypt>, which has been replaced by separate C<encrypt> and C<decrypt> |
|
|
464 | methods: |
|
|
465 | |
|
|
466 | =over 4 |
|
|
467 | |
|
|
468 | =item $encrypted = $cipher->encrypt ($cleartext) |
|
|
469 | |
|
|
470 | =item $cleartext = $cipher->decrypt ($encrypted) |
|
|
471 | |
|
|
472 | Really the same as C<Crypt::Spritz::Cipher::XOR>, except you need separate |
|
|
473 | calls and code for encryption and decryption. |
447 | |
474 | |
448 | =back |
475 | =back |
449 | |
476 | |
450 | |
477 | |
451 | =head2 THE Crypt::Spritz::AEAD::XOR CLASS |
478 | =head2 THE Crypt::Spritz::AEAD::XOR CLASS |
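Review bot: New line 457 reads "and requires lots of code duplication code"; the trailing "code" is a leftover and should be dropped. The sentence on lines 453-457 also announces "two differences" from C<Crypt::Spritz::Cipher::XOR>, but only the first clause (it implements the "standard" Spritz encryption algorithm) is a difference; the second is an assessment of the variant. Suggest splitting it into one sentence naming the difference and a second giving the trade-off (easier to analyze, slower, duplicated code), so readers choosing between the two classes can see what actually changes on the wire.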
… | |
… | |
582 | } |
609 | } |
583 | |
610 | |
584 | =back |
611 | =back |
585 | |
612 | |
586 | |
613 | |
|
|
614 | =head2 THE Crypt::Spritz::AEAD CLASS |
|
|
615 | |
|
|
616 | This class is pretty much the same as the C<Crypt::Spritz::AEAD::XOR> |
|
|
617 | class, with two differences: first, it implements the "standard" Spritz |
|
|
618 | encryption algorithm, and second, while this variant is easier to analyze |
|
|
619 | mathematically, there is little else to recommend it for, as it is slower, |
|
|
620 | and requires lots of code duplication code. |
|
|
621 | |
|
|
622 | So unless you need to be compatible with another implementation that does |
|
|
623 | not offer the XOR variant, stick to C<Crypt::Spritz::AEAD::XOR>. |
|
|
624 | |
|
|
625 | All the methods from C<Crypt::Spritz::AEAD::XOR> are available, except |
|
|
626 | C<crypt>, which has been replaced by separate C<encrypt> and C<decrypt> |
|
|
627 | methods: |
|
|
628 | |
|
|
629 | =over 4 |
|
|
630 | |
|
|
631 | =item $encrypted = $cipher->encrypt ($cleartext) |
|
|
632 | |
|
|
633 | =item $cleartext = $cipher->decrypt ($encrypted) |
|
|
634 | |
|
|
635 | Really the same as C<Crypt::Spritz::AEAD::XOR>, except you need separate |
|
|
636 | calls and code for encryption and decryption, but you have the same |
|
|
637 | limitations on usage. |
|
|
638 | |
|
|
639 | =back |
|
|
640 | |
|
|
641 | |
|
|
642 | =head1 SECURITY CONSIDERATIONS |
|
|
643 | |
|
|
644 | At the time of this writing, Spritz has not been through a lot of |
|
|
645 | cryptanalysis - it might get broken tomorrow. That's true for any crypto |
|
|
646 | algo, but the probability is quite a bit higher with Spritz. Having said |
|
|
647 | that, Spritz is almost certainly safer than RC4 at this time. |
|
|
648 | |
|
|
649 | Nevertheless, I wouldn't protect something very expensive with it. I also |
|
|
650 | would be careful about timing attacks. |
|
|
651 | |
|
|
652 | Regarding key lengths - as has been pointed out, traditional symmetric key |
|
|
653 | lengths (128 bit, 256 bit) work fine. Longer keys will be overkill, but |
|
|
654 | you can expect keys up to about a kilobit to be effective. Longer keys are |
|
|
655 | safe to use, they will simply be a waste of time. |
|
|
656 | |
|
|
657 | |
|
|
658 | =head1 PERFORMANCE |
|
|
659 | |
|
|
660 | As a cipher/prng, Spritz is reasonably fast (about 100MB/s on 2014 era |
|
|
661 | hardware, for comparison, AES will be more like 200MB/s). |
|
|
662 | |
|
|
663 | For key setup, ivs, hashing, nonces and so on, Spritz is very slow (about |
|
|
664 | 5MB/s on 2014 era hardware, which does 200MB/s with SHA-256). |
|
|
665 | |
|
|
666 | |
587 | =head1 SEE ALSO |
667 | =head1 SEE ALSO |
588 | |
668 | |
589 | L<http://people.csail.mit.edu/rivest/pubs/RS14.pdf>. |
669 | L<http://people.csail.mit.edu/rivest/pubs/RS14.pdf>. |
590 | |
670 | |
591 | =head1 SECURITY CONSIDERATIONS |
671 | =head1 SECURITY CONSIDERATIONS |
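Review bot: The added `=head1 SECURITY CONSIDERATIONS` at new line 642 duplicates the existing heading that is still present after SEE ALSO (old line 591, now line 671), so the rendered POD will carry two sections with the same title. Suggest merging the new text into the existing section, or removing the old heading in this same change. Two smaller points in the added text: line 620 repeats the "code duplication code" wording from the Cipher section, and line 650 ("I also would be careful about timing attacks") would be more useful to callers if it said which operations the concern applies to. In the same way, "the same limitations on usage" on lines 636-637 should point to where in the C<Crypt::Spritz::AEAD::XOR> section those limitations are stated.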