| … | |
… | |
| 117 | |
117 | |
| 118 | =head2 THE Crypt::Spritz CLASS |
118 | =head2 THE Crypt::Spritz CLASS |
| 119 | |
119 | |
| 120 | This class implements most of the Spritz primitives. To use it effectively |
120 | This class implements most of the Spritz primitives. To use it effectively |
| 121 | you should understand them, for example, by reading the L<Spritz |
121 | you should understand them, for example, by reading the L<Spritz |
| 122 | paper/http://people.csail.mit.edu/rivest/pubs/RS14.pdf>, especially |
122 | paper|http://people.csail.mit.edu/rivest/pubs/RS14.pdf>, especially |
| 123 | pp. 5-6. |
123 | pp. 5-6. |
| 124 | |
124 | |
| 125 | The Spritz primitive corresponding to the Perl method is given as |
125 | The Spritz primitive corresponding to the Perl method is given as |
| 126 | comment. |
126 | comment. |
| 127 | |
127 | |
| … | |
… | |
| 637 | limitations on usage. |
637 | limitations on usage. |
| 638 | |
638 | |
| 639 | =back |
639 | =back |
| 640 | |
640 | |
| 641 | |
641 | |
|
|
642 | =head1 SECURITY CONSIDERATIONS |
|
|
643 | |
|
|
644 | At the time of this writing, Spritz has not been through a lot of |
|
|
645 | cryptanalysis - it might get broken tomorrow. That's true for any crypto |
|
|
646 | algo, but the probability is quite a bit higher with Spritz. Having said |
|
|
647 | that, Spritz is almost certainly safer than RC4 at this time. |
|
|
648 | |
|
|
649 | Nevertheless, I wouldn't protect something very expensive with it. I also |
|
|
650 | would be careful about timing attacks. |
|
|
651 | |
|
|
652 | Regarding key lengths - as has been pointed out, traditional symmetric key |
|
|
653 | lengths (128 bit, 256 bit) work fine. Longer keys will be overkill, but |
|
|
654 | you can expect keys up to about a kilobit to be effective. Longer keys are |
|
|
655 | safe to use, they will simply be a waste of time. |
|
|
656 | |
|
|
657 | |
|
|
658 | =head1 PERFORMANCE |
|
|
659 | |
|
|
660 | As a cipher/prng, Spritz is reasonably fast (about 100MB/s on 2014 era |
|
|
661 | hardware, for comparison, AES will be more like 200MB/s). |
|
|
662 | |
|
|
663 | For key setup, ivs, hashing, nonces and so on, Spritz is very slow (about |
|
|
664 | 5MB/s on 2014 era hardware, which does SHA-256 at about 200MB/s). |
|
|
665 | |
|
|
666 | |
| 642 | =head1 SEE ALSO |
667 | =head1 SEE ALSO |
| 643 | |
668 | |
| 644 | L<http://people.csail.mit.edu/rivest/pubs/RS14.pdf>. |
669 | L<http://people.csail.mit.edu/rivest/pubs/RS14.pdf>. |
| 645 | |
670 | |
| 646 | =head1 SECURITY CONSIDERATIONS |
671 | =head1 SECURITY CONSIDERATIONS |
