Cipher::Arcfour - Arcfour (RC4-compatible) stream cipher
    $ciphertext = Cipher::Arcfour.encipher($plaintext, :key($key));

    &cipher := Cipher::Arcfour.encipherer(:key($key));
    print cipher($_) for =$IN;
    print cipher();

    my $cipher = Cipher::Arcfour.new(:key($key));
    @output = gather { take $cipher.cipher($_) for @input };
Arcfour is a very simple (less than fifteen readable lines) but surprisingly secure stream cipher. It is believed to be compatible with RSA Security's RC4(tm) cipher, in that keys should produce the same keystream and thus text should be enciphered and deciphered the same way. RC4 and Arcfour are used in standards such as SSH, SSL and TLS, WEP, and WPA, as well as many non-standard cryptosystems.
Arcfour operates on whole bytes: it XORs each byte of plaintext or ciphertext with a keystream byte drawn from a constantly-transforming 256-entry state table. Because XOR is its own inverse, the same operation enciphers and deciphers, and the module does not distinguish between the two.
Used incorrectly, it leads to serious insecurity; see the "SECURITY" section for details. (In particular, the serious insecurities plaguing WEP were caused by improper use of RC4, namely appending a short public IV directly to the secret key.) Note also that the cipher itself has been weakened considerably since this module was written; see "SECURITY".
The interface for Cipher::Arcfour is largely defined by Cipher::Stream and its parent module, Cipher; for example, the methods used for actual cryptography are there. See those modules for details.
The new constructor takes only one option, :key, containing the key as a string of bytes. The algorithm accepts any key of 1 to 256 bytes (the key bytes are cycled through during key scheduling), but in practice the key should be random and between 40 and 128 bits (5 to 16 bytes) long; see "SECURITY" for important caveats about how that key is chosen and combined with a nonce.
new
:key
Cipher::Arcfour also includes several attributes which might be interesting to people interested in the algorithm itself. The attributes in question are i, j and state. To understand how to interpret them, see the Wikipedia article on RC4, Applied Cryptography by Bruce Schneier, or most cryptography resources written in the last ten years or so.
i
j
state
Arcfour was, when this module was written, regarded as secure when used properly, but it has several known problems and weaknesses. Since then, statistical biases throughout the RC4 keystream have been shown to be practically exploitable against repeated plaintexts (such as HTTP cookies), and RFC 7465 (2015) prohibits RC4 cipher suites in TLS; it should not be chosen for new designs. The two problems below are the ones this module's interface lets you mitigate.
The first few hundred bytes of keystream are strongly biased and leak information about the key, so the start of the data isn't encrypted well. If your application allows, skip over a kilobyte or so by calling generate_keystream with a number of bytes and throwing the return value away. Encryption after this point uses stronger portions of the keystream. (Just remember to do it at both ends, with the same count, or the two sides will be out of step!)
generate_keystream
If two different data streams are enciphered with the same key, XORing the two ciphertexts together cancels the keystream and leaves the XOR of the two plaintexts; you might not be able to derive the plaintexts from that, but any cryptographer worth the name can. To avoid this, make sure you combine the key with a nonce or initialization vector, a random number used once. (It will need to be sent to the other end along with the ciphertext, but it's safe to send it in the clear.)
Arcfour also has related-key weaknesses: keys that differ in only a few bytes produce keystreams whose early bytes are correlated, which is exactly how the WEP keys mentioned above were recovered. This means that you should strive to use only truly random keys; Perl's rand function is not good enough. (You should be doing this anyway, though.) It also means that the nonce or initialization vector must be hashed together with the key, not merely appended to it; appending creates precisely the sort of related keying that a cryptanalyst can exploit. Use 128 bits of the output of a good keyed hashing/authentication algorithm such as HMAC-SHA-256, keyed with the long-term key and applied to the nonce, as the per-message Arcfour key.
rand
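The following Python is an added example, not code from Cipher::Arcfour or Perl6::Pugs. It implements the Arcfour key schedule and keystream generator described above (mirroring this module's names new/:key, cipher, generate_keystream and the attributes i, j and state, though it is a separate implementation), shows that enciphering and deciphering are the same operation, applies both recommendations from this section (discarding the first bytes of keystream, and deriving a per-message key from the long-term key and a nonce with HMAC-SHA-256 rather than appending), and demonstrates the two-time-pad failure that key reuse causes. The helper names seal, open_, message_key and two_time_pad are my own; the test vectors in the demo are the well-known public RC4 vectors.

```python
import hashlib
import hmac
import os


class Arcfour:
    """Arcfour/RC4: byte-oriented stream cipher over a 256-byte state table."""

    def __init__(self, key, drop=0):
        if not 1 <= len(key) <= 256:
            raise ValueError("key must be 1..256 bytes")
        # Key-scheduling algorithm (KSA): permute the identity table using the
        # key bytes, cycling through the key if it is shorter than 256 bytes.
        s = list(range(256))
        j = 0
        for i in range(256):
            j = (j + s[i] + key[i % len(key)]) & 0xFF
            s[i], s[j] = s[j], s[i]
        self.state = s
        self.i = 0
        self.j = 0
        # RC4-drop[n]: discard the early, biased keystream bytes (both ends
        # must use the same drop count).
        self.generate_keystream(drop)

    def generate_keystream(self, n):
        """Pseudo-random generation algorithm (PRGA): return n keystream bytes."""
        s = self.state
        out = bytearray()
        for _ in range(n):
            self.i = (self.i + 1) & 0xFF
            self.j = (self.j + s[self.i]) & 0xFF
            s[self.i], s[self.j] = s[self.j], s[self.i]
            out.append(s[(s[self.i] + s[self.j]) & 0xFF])
        return bytes(out)

    def cipher(self, data):
        """XOR data with keystream; the same call enciphers and deciphers."""
        ks = self.generate_keystream(len(data))
        return bytes(d ^ k for d, k in zip(data, ks))


def message_key(key, nonce):
    """Per-message key: HMAC-SHA-256(key, nonce) truncated to 128 bits.
    Hashing, rather than appending the nonce to the key, avoids the
    related-key structure that broke WEP."""
    return hmac.new(key, nonce, hashlib.sha256).digest()[:16]


def seal(key, plaintext, nonce=None, drop=1024):
    """Encipher under a fresh nonce; returns (nonce, ciphertext)."""
    if nonce is None:
        nonce = os.urandom(16)  # never reuse a nonce with the same key
    return nonce, Arcfour(message_key(key, nonce), drop).cipher(plaintext)


def open_(key, nonce, ciphertext, drop=1024):
    """Decipher what seal() produced; the nonce travels in the clear."""
    return Arcfour(message_key(key, nonce), drop).cipher(ciphertext)


def two_time_pad(c1, c2):
    """XOR of two ciphertexts made with the same keystream equals the XOR of
    the two plaintexts: the keystream has cancelled out."""
    return bytes(a ^ b for a, b in zip(c1, c2))


if __name__ == "__main__":
    # Public RC4 test vector: key "Key", plaintext "Plaintext".
    ct = Arcfour(b"Key").cipher(b"Plaintext")
    print(ct.hex())                                   # bbf316e8d940af0ad3
    print(Arcfour(b"Key").cipher(ct))                 # b'Plaintext'

    # Safe use: random long-term key, nonce hashed in, first 1 KiB dropped.
    key = os.urandom(16)
    nonce, sealed = seal(key, b"attack at dawn")
    print(open_(key, nonce, sealed))                  # b'attack at dawn'

    # Unsafe use: same raw key for two messages, no nonce, no drop.
    c1 = Arcfour(b"Key").cipher(b"attack at dawn")
    c2 = Arcfour(b"Key").cipher(b"attack at dusk")
    leak = two_time_pad(c1, c2)
    print(leak.hex())  # zero wherever the plaintexts agree; only "awn"/"usk" differ
```

The `drop` argument plays the role of calling generate_keystream and discarding the result, as the section above recommends; the seal/open_ pair shows the nonce being hashed with the key instead of appended to it.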
Cipher, Cipher::Stream
Bruce Schneier. Applied Cryptography, Second Edition. 1995, published by John Wiley & Sons, Inc.
Copyright (C) 2005 Brent Royal-Gordon <brent@brentdax.com>.
This code is free software, and may be used, distributed and/or modified under the same terms as Perl itself.