--- Crypt-Spritz/Spritz.pm 2015/01/10 09:56:40 1.9 +++ Crypt-Spritz/Spritz.pm 2015/01/11 05:06:13 1.10 @@ -119,7 +119,7 @@ This class implements most of the Spritz primitives. To use it effectively you should understand them, for example, by reading the L, especially +paper|http://people.csail.mit.edu/rivest/pubs/RS14.pdf>, especially pp. 5-6. The Spritz primitive corresponding to the Perl method is given as @@ -639,6 +639,31 @@ =back +=head1 SECURITY CONSIDERATIONS + +At the time of this writing, Spritz has not been through a lot of +cryptanalysis - it might get broken tomorrow. That's true for any crypto +algo, but the probability is quite a bit higher with Spritz. Having said +that, Spritz is almost certainly safer than RC4 at this time. + +Nevertheless, I wouldn't protect something very expensive with it. I also +would be careful about timing attacks. + +Regarding key lengths - as has been pointed out, traditional symmetric key +lengths (128 bit, 256 bit) work fine. Longer keys will be overkill, but +you can expect keys up to about a kilobit to be effective. Longer keys are +safe to use, they will simply be a waste of time. + + +=head1 PERFORMANCE + +As a cipher/prng, Spritz is reasonably fast (about 100MB/s on 2014 era +hardware, for comparison, AES will be more like 200MB/s). + +For key setup, ivs, hashing, nonces and so on, Spritz is very slow (about +5MB/s on 2014 era hardware, which does 200MB/s with SHA-256). + + =head1 SEE ALSO L.