Crypt-IDA

lib/Crypt/IDA.pm

security afforded by the simple act of dispersing shares), it is
clearly desirable to use the highest-quality RNG available in all
cases, and this should be implemented in a future release. For the
moment, if the possibility of a weakness in this implementation is
unacceptable, it can be avoided by using a width parameter of 2 or 4,
in which case the high-quality RNG is always used.

On a related note, defaulting to C</dev/urandom> rather than
C</dev/random> may be considered a bug by some people. (On Linux both
devices are fed by the same kernel CSPRNG; the practical difference is
that C</dev/random> may block when the kernel's entropy estimate is
low, whereas C</dev/urandom> never blocks and so can return output
before the pool has been seeded at early boot.)

=head1 SEE ALSO

I<"Efficient dispersal of information for security, load balancing,
and fault tolerance">, by Michael O. Rabin. JACM Volume 36, Issue 2
(1989).

Description of the Information Dispersal Algorithm, which this module
implements. This should be a faithful implementation of the original
idea, although the issue of padding is not covered sufficiently in the
paper, and this may be a point of divergence from the original
intention.

I<http://parchive.sourceforge.net/>

A similar project, in that it uses 16-bit Galois Field arithmetic to
perform the same kinds of arithmetic operations on input files. The
polynomial used in parchive (0x1100b) is different from the one used
here (0x1002b), however. Also, parchive uses the more traditional
Reed-Solomon mode of operation, with an emphasis on forward
error-correction, whereas this module focuses more on the creation of
distributed shares in order to achieve secure distribution of a
secret.

I<http://www.cs.utk.edu/~plank/plank/papers/SPE-9-97.html> "A Tutorial
on Reed-Solomon Coding for Fault-Tolerance in RAID-like Systems", by
James S. Plank.

The use of a particular Vandermonde matrix to guarantee linear
independence of each row of the transform matrix (as described above)
is due to a later erratum to this paper; my description of
Reed-Solomon coding in general also follows this paper. The use of
Cauchy-form matrices to guarantee linear independence (in both IDA and
RS modes) is also widely known.

=head1 FUTURE VERSIONS

It is likely that the following changes/additions will be made in
future versions:

=over

=item * Update the matrix processing code so that it can detect when
padding of input is required and handle it by itself. The changes
required to implement this can be made in such a way as to preserve
compatibility with any code implemented using the current semantics.

=item * Offer the choice of padding input with random data rather
than nulls. A cryptographic analysis of the algorithm is beyond the
scope of this document, but padding with predictable zero bytes hands
an attacker known symbols of the input, which may weaken the security
of this implementation. Padding with random data would remove that
potential weakness.

=item * Force or give the option of always using the highest-quality
RNG available (see L<KNOWN BUGS>).

=item * Give the option of using other RNG sources (for example on
platforms which lack an equivalent of C</dev/[u]random>)

=back
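The following is an added worked example, not code from Crypt::IDA or
its author, illustrating two points above: the SEE ALSO description of
the algorithm (16-bit Galois Field arithmetic with the polynomial
0x1002b, and a Cauchy-form transform matrix so that any k of the n
shares are linearly independent), and the padding item just listed
(why predictable null padding hands a holder of k-1 shares something
useful). It is written in Python rather than Perl so it runs without
the module installed; the share layout, the Cauchy points x_i and y_j,
and every function name are assumptions made for this illustration and
are not the module's API.

```python
# Added example (not Crypt::IDA's own code): a minimal Rabin-style IDA over
# GF(2^16) with the field polynomial the module documents (0x1002b) and a
# Cauchy transform matrix, plus a demonstration of what null padding leaks
# to a holder of k-1 shares. Share layout, the Cauchy points x_i/y_j and
# all function names are assumptions made for this illustration.

W = 16
POLY = 0x1002B  # x^16 + x^5 + x^3 + x + 1

def gf_mul(a, b):
    """Shift-and-add multiplication in GF(2^16) modulo POLY."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> W:
            a ^= POLY
    return r

def gf_inv(a):
    """a^(2^16 - 2) == 1/a; needs POLY irreducible, not necessarily primitive."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse in GF(2^16)")
    r, e = 1, (1 << W) - 2
    while e:
        if e & 1:
            r = gf_mul(r, a)
        a = gf_mul(a, a)
        e >>= 1
    return r

def cauchy_matrix(n, k):
    """n x k matrix m[i][j] = 1/(x_i + y_j), all x_i and y_j distinct.
    Any square submatrix of a Cauchy matrix is Cauchy, hence invertible,
    so every choice of k share rows can be solved."""
    xs, ys = range(1, n + 1), range(n + 1, n + k + 1)
    return [[gf_inv(x ^ y) for y in ys] for x in xs]

def solve(m, rhs):
    """Gauss-Jordan over GF(2^16): return X such that m * X = rhs."""
    k = len(m)
    a = [row + r for row, r in zip(m, rhs)]
    for c in range(k):
        p = next(r for r in range(c, k) if a[r][c])
        a[c], a[p] = a[p], a[c]
        inv = gf_inv(a[c][c])
        a[c] = [gf_mul(inv, v) for v in a[c]]
        for r in range(k):
            if r != c and a[r][c]:
                f = a[r][c]
                a[r] = [v ^ gf_mul(f, u) for v, u in zip(a[r], a[c])]
    return [row[k:] for row in a]

def ida_split(data, k, n):
    """Null-pad data to whole columns of k 16-bit words and emit n shares.
    Returns (original length, [(share index, list of words)])."""
    buf = data + b"\x00" * ((-len(data)) % (2 * k))
    words = [int.from_bytes(buf[i:i + 2], "big") for i in range(0, len(buf), 2)]
    cols = [words[i:i + k] for i in range(0, len(words), k)]
    m = cauchy_matrix(n, k)
    shares = []
    for i in range(n):
        row = []
        for col in cols:
            s = 0
            for j in range(k):
                s ^= gf_mul(m[i][j], col[j])
            row.append(s)
        shares.append((i, row))
    return len(data), shares

def ida_combine(length, k, n, shares):
    """Rebuild data from any k shares, then strip the null padding."""
    if len(shares) < k:
        raise ValueError("need at least k shares")
    m = cauchy_matrix(n, k)
    idx, streams = zip(*shares[:k])
    x = solve([m[i] for i in idx], list(streams))  # x[j][c]: symbol j of column c
    words = [x[j][c] for c in range(len(x[0])) for j in range(k)]
    return b"".join(w.to_bytes(2, "big") for w in words)[:length]

def leak_column(k, n, shares, col, known):
    """What k-1 shares give away: a column is k unknowns under k-1 linear
    equations, so one known symbol (known = {j: value}, e.g. a null pad
    word at the end of the last column) determines the whole column."""
    assert len(shares) == k - 1 and len(known) == 1
    m = cauchy_matrix(n, k)
    (kj, kv), = known.items()
    free = [j for j in range(k) if j != kj]
    sub = [[m[i][j] for j in free] for i, _ in shares]
    rhs = [[ws[col] ^ gf_mul(m[i][kj], kv)] for i, ws in shares]
    out = [kv] * k
    for j, v in zip(free, solve(sub, rhs)):
        out[j] = v[0]
    return out
```

Splitting a constructed 33-byte message with k=3, n=5 pads it to 36
bytes, so the last word of the last column is a known zero; any three
shares rebuild the message, while C<leak_column> shows that two shares
plus that one known word already recover the whole last column. Random
padding, as proposed in the item above, removes the known symbol but
not the underlying fact that IDA is a linear transform rather than a
threshold secret-sharing scheme, which is why the KNOWN BUGS text
above attributes the security to dispersal alone.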

=head1 AUTHOR

Declan Malone, E<lt>idablack@sourceforge.netE<gt>

=head1 COPYRIGHT AND LICENSE

Copyright (C) 2009-2019 by Declan Malone

This package is free software; you can redistribute it and/or modify
it under the terms of version 2 (or, at your discretion, any later
version) of the "GNU General Public License" ("GPL").

Please refer to the file "GNU_GPL.txt" in this distribution for
details.

=head1 DISCLAIMER

This package is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

=cut
