| … | |
… | |
| 38 | $aead->nonce ($counter); |
38 | $aead->nonce ($counter); |
| 39 | $aead->associated_data ($header); |
39 | $aead->associated_data ($header); |
| 40 | $ciphertext = $aead->encrypt ($cleartext); |
40 | $ciphertext = $aead->encrypt ($cleartext); |
| 41 | # $cleartext = $aead->decrypt ($ciphertext); |
41 | # $cleartext = $aead->decrypt ($ciphertext); |
| 42 | $mac = $aead->mac; |
42 | $mac = $aead->mac; |
|
|
43 | |
|
|
44 | =head1 WARNING |
|
|
45 | |
|
|
46 | The best known result (early 2017) against Spritz is a distinguisher |
|
|
47 | attack on 2**44 outputs with multiple keys/IVs, and on 2**60 outputs with |
|
|
48 | a single key (see doi:10.1007/978-3-662-52993-5_4 for details). These are |
|
|
49 | realistic attacks, so Spritz needs to be considered broken, although for |
|
|
50 | low data applications it should still be useful. |
| 43 | |
51 | |
| 44 | =head1 DESCRIPTION |
52 | =head1 DESCRIPTION |
| 45 | |
53 | |
| 46 | This module implements the Spritz spongelike function (with N=256), the |
54 | This module implements the Spritz spongelike function (with N=256), the |
| 47 | spiritual successor of RC4 developed by Ron Rivest and Jacob Schuldt. |
55 | spiritual successor of RC4 developed by Ron Rivest and Jacob Schuldt. |
| … | |
… | |
| 80 | |
88 | |
| 81 | package Crypt::Spritz; |
89 | package Crypt::Spritz; |
| 82 | |
90 | |
| 83 | use XSLoader; |
91 | use XSLoader; |
| 84 | |
92 | |
| 85 | $VERSION = 1.01; |
93 | $VERSION = 1.02; |
| 86 | |
94 | |
| 87 | XSLoader::load __PACKAGE__, $VERSION; |
95 | XSLoader::load __PACKAGE__, $VERSION; |
| 88 | |
96 | |
| 89 | @Crypt::Spritz::ISA = Crypt::Spritz::Base::; |
97 | @Crypt::Spritz::ISA = Crypt::Spritz::Base::; |
| 90 | |
98 | |
