


Notes on Encryption

posted on 7:31 PM, July 27, 2007
In ExSite 3.4 and earlier, encryption was a pure-perl implementation of the TEA algorithm.  This failed on 64-bit architectures because it was strongly dependent on machine word sizes, and Perl 5 does not offer enough control over word size to maintain the integrity of the algorithm.

The work-around in ExSite 3.5 is to use an external encrypter, which is just the TEA algorithm written in C.  On 64-bit servers, you should compile crypt_tea.c and leave the binary in cgi-bin for it to work.  On 32-bit servers, the old pure-perl algorithm will continue to be used.  If using ExSite::Crypt, the API should be the same no matter which underlying engine is used.

WARNING:  The pure-perl and C encrypters are not cross-compatible in their results, so be careful about long-term storage of encrypted data when migrating sites from 32-bit to 64-bit machines.  It may be necessary to temporarily decrypt stored data, and then re-encrypt on the new server.  The number of mixing rounds for strong encryption has been increased from 32 to 64 in the 64-bit version of the Encrypter, on the recommendation of some cryptanalytic sites.  Note that ExSite does not store anything encrypted by default, so default installs should not have any problems.
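The word-size dependence and the round-count incompatibility described above can be seen in a short C sketch. This is an added example, not ExSite's crypt_tea.c or its Perl code: it uses the published TEA round function, a constructed key and plaintext block, and it assumes the failure mode is arithmetic that no longer wraps at 32 bits.

```c
#include <stdint.h>
#include <stdio.h>

#define DELTA 0x9E3779B9u
typedef void (*tea_fn)(uint32_t v[2], const uint32_t k[4], unsigned rounds);
/* Constructed sample key and plaintext block, for illustration only. */
static const uint32_t KEY[4] = {0x01234567u, 0x89ABCDEFu, 0xFEDCBA98u, 0x76543210u};
static const uint32_t PLAIN[2] = {0xDEADBEEFu, 0x0BADF00Du};

/* TEA on fixed-width words: every add and shift wraps at 32 bits on any host. */
void tea_encrypt(uint32_t v[2], const uint32_t k[4], unsigned rounds) {
    uint32_t v0 = v[0], v1 = v[1], sum = 0;
    for (unsigned i = 0; i < rounds; i++) {
        sum += DELTA;
        v0 += ((v1 << 4) + k[0]) ^ (v1 + sum) ^ ((v1 >> 5) + k[1]);
        v1 += ((v0 << 4) + k[2]) ^ (v0 + sum) ^ ((v0 >> 5) + k[3]);
    }
    v[0] = v0; v[1] = v1;
}

/* Same rounds in unmasked 64-bit words (the assumed failure mode): carries
   past bit 31 survive and are shifted back in by >> 5. Keeps the low 32 bits. */
void tea_encrypt_wide(uint32_t v[2], const uint32_t k[4], unsigned rounds) {
    uint64_t v0 = v[0], v1 = v[1], sum = 0;
    for (unsigned i = 0; i < rounds; i++) {
        sum += DELTA;
        v0 += ((v1 << 4) + k[0]) ^ (v1 + sum) ^ ((v1 >> 5) + k[1]);
        v1 += ((v0 << 4) + k[2]) ^ (v0 + sum) ^ ((v0 >> 5) + k[3]);
    }
    v[0] = (uint32_t)v0; v[1] = (uint32_t)v1;
}

/* Returns 1 if engine a at ra rounds and engine b at rb rounds agree on PLAIN. */
int same_ciphertext(tea_fn a, unsigned ra, tea_fn b, unsigned rb) {
    uint32_t x[2] = {PLAIN[0], PLAIN[1]}, y[2] = {PLAIN[0], PLAIN[1]};
    a(x, KEY, ra); b(y, KEY, rb);
    return x[0] == y[0] && x[1] == y[1];
}

int main(void) {
    printf("32-bit vs unmasked 64-bit words, 32 rounds: %s\n",
           same_ciphertext(tea_encrypt, 32, tea_encrypt_wide, 32) ? "same" : "differ");
    printf("32 rounds vs 64 rounds, 32-bit words:       %s\n",
           same_ciphertext(tea_encrypt, 32, tea_encrypt, 64) ? "same" : "differ");
    return 0;
}
```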