Updated 2012-01-11 13:07:44 by dkf
 # crypt1.tcl - Simple Encryption
 #  (Should the length of the string be veiled?)
 # 12.02.2007 © M.Hoffmann

 package provide crypt1 0.1
 package require rc4; # tcllib; für Kennwortschlüsselung

 namespace eval crypt1 {
    variable key [binary format H* 83840200ffeb0e8db360068a02c381c4e8435f5ee9]

    proc encrypt in {
         return [rc4::rc4 -hex -key $::crypt1::key                   $in ]
    proc decrypt in {
         return [rc4::rc4      -key $::crypt1::key [binary format H* $in]]
    namespace export *
 # crypt1_test.tcl - Simple Encryption Tests
 # 12.02.2007 © M.Hoffmann

 lappend auto_path [pwd];
 package require crypt1;

 namespace import crypt1::*

 puts "Key (empty = default):"
 gets stdin key
 if {[string length $key]} {
    set ::crypt1::key $key
 puts "Key: $::crypt1::key"

 puts "String to encrypt:"
 gets stdin str
 puts "String: '$str'"

 set eStr [encrypt $str]
 puts "Ecrypted String: '$eStr'"

 puts "And this string decrypted again: '[decrypt $eStr]'"

Question to myself:

  • Is this safe enough?
    LV safe enough for what? For encrypting the passwords to your bank account? For encrypting key information for a casual, open source, video game? For controlling access to the world's nuclear weapons?
    MHo, no no, no nuclear weapons... just for cases where it is neccessary to store passwords somewhere, to avoid that each and every user can read them via a simple type or hexdump....
    DKF: The problem is that something somewhere will then look like a key, and that's likely to be the focus of anyone trying to crack the code. (Seriously. I've cracked software like that in the past. The software in question was a binary left behind by a former employee…)