Updated 2014-01-12 21:48:50 by dkf

There is a DES package in tcllib. Since version 0.8 this has been based upon MacCody's DES implementation. Before that it used an implementation by Jochen Loewer. The current version supports all the standard cryptographic block modes: ECB, CBC, CFB and OFB. It also checks for the weak keys and will raise an error if a weak key is used.

Example Simple user interface
 % set ciphertext [DES::des -mode cbc -dir encrypt -key $secret $plaintext]
 % set plaintext [DES::des -mode cbc -dir decrypt -key $secret $ciphertext]

Programming interface (more flexible)
 set iv [string repeat \\0 8]
 set Key [DES::Init cbc \\0\\1\\2\\3\\4\\5\\6\\7 $iv]
 set ciphertext [DES::Encrypt $Key "somedata"]
 append ciphertext [DES::Encrypt $Key "moredata"]
 DES::Reset $Key $iv
 set plaintext [DES::Decrypt $Key $ciphertext]
 DES::Final $Key

Read about DES in the Handbook of Applied Cryptography [1] Chapter 7 [2]

http://www.queuecard.com/docs/RSA_faq.pdf is a large FAQ on cryptography.

Performance

A simple benchmark, testing encryption+decryption of 100.000 bytes:
 package require des

 set k [binary format H* 86A560F10EC6D85B]
 #make a 100.000 bytes long msg:
 for { set x 0 } { $x < 10000 } {incr x } {
    append msg "1234567890"
 }

 puts "Size: [string length $msg]"
 puts [time {
   set c [DES::des -mode encode -key $k $msg]
   set p [DES::des -mode decode -key $k $c]
 } 1]

Results:
 Tcl 8.4.1
 Pentium IV 1800Mhz:  8.3 seconds (linux, ActiveTcl)
 Pentium III 930Mhz:  35 seconds (linux, ActiveTcl)

See here for ActiveTcl.
 Tcl 8.3.4
 Pentium III 930Mhz:  27 seconds (linux, redhat)
 AMD K6-400Mhz: 52 seconds (linux, redhat)

23jan03 jcw - Here's an example of the "Ghz trap":
 Both based on Tcl 8.4.1 (Tclkit Nov 2002):
 Pentium IV 2400Mhz: 6.2 seconds (linux)
 PowerPC G4 1000Mhz: 10.8 seconds (macosx)