Decrypt error message?

Tom Glod tom at makeshyft.com
Mon Feb 4 13:19:29 EST 2019


Thank you all for chiming in.

On Mon, Feb 4, 2019 at 1:13 PM Tom Glod <tom at makeshyft.com> wrote:

> Just to clarify
>
> My (local) application uses a salt and pepper technique to add cycles to
> the decrypt. The pepper (a-z) is added to the salt the first time the
> account is made.
>
> Afterward, when I try to log into the account using the correct password,
> my application has to cycle through the peppers to find the right combo for
> a correct decrypt.
>
> I 'almost always' get a "bad decrypt" error message when just the pepper
> is wrong... except for the odd time that it's gibberish.
>
> When the password, salt and pepper are right, the decryption works and the
> right binary data is returned.
>
> Because I know what I am expecting as decrypted data, it's easy to check if
> the decrypt really worked or not.
>
> But until now I was relying on an accurate error message to tell if the
> decrypt worked or not... which I guess I cannot do.
>
> I was wondering why I usually get a normal ssl error message? and only
> occasionally gibberish?   There doesn't seem to be any pattern to it.
>
> On Mon, Feb 4, 2019 at 11:30 AM Brian Milby via use-livecode <
> use-livecode at lists.runrev.com> wrote:
>
>> This is not a bug.  The SSL library will only complain if it requires a
>> parameter with a certain bit length and you provide an invalid value.  As
>> long as your key/password/IV/salt are acceptable then you will get the
>> result of the decrypt.  One way (not necessarily secure) is to prepend
>> your salt to the encrypted message.  When you decrypt you verify that it
>> starts with your salt.  If not, you know something went wrong.  Including a
>> hash is better.
>>
>> Thanks,
>> Brian
>> On Feb 4, 2019, 11:12 AM -0500, Bob Sneidar via use-livecode <
>> use-livecode at lists.runrev.com>, wrote:
>> > Nothing in the result?
>> >
>> > Bob S
>> >
>> >
>> > > On Feb 3, 2019, at 18:33, Tom Glod via use-livecode <use-livecode at lists.runrev.com> wrote:
>> > >
>> > > Hi folks, I have just discovered a bug in Livecode where the SSL Library
>> > > does not return a normal error message like "SSL: bad decrypt"
>> > >
>> > > instead
>> > >
>> > > it returns unreadable binary garbage... when in fact, the key and salt
>> > > were wrong and the error message should have been "bad decrypt"
>> > >
>> > > I don't know how to trigger it, but I know for a fact that the key and salt
>> > > were wrong.
>> > >
>> > > I built a quick workaround for when this occurs.
>> > >
>> > > but it's weird and a little worrisome... has anyone else had inconsistent
>> > > error messages with the ssl library?
>> >
>> >
>
>
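Added example, not part of the thread and not LiveCode code: OpenSSL reports "bad decrypt" when the padding check after decryption fails, and for a block cipher with PKCS#7 padding (assumed here) roughly one wrong key in 256 passes that check by chance and yields gibberish. The Python sketch below measures that rate on constructed random blocks and then does the pepper search against an HMAC tag stored with the ciphertext, a keyed form of the hash suggested above; all function names, the sample values and the PBKDF2 iteration count are assumptions made for illustration.

```python
import hashlib, hmac, string

def pkcs7_valid(block: bytes) -> bool:
    """Padding check: the only test a padded decrypt applies to its output."""
    n = block[-1]
    return 1 <= n <= len(block) and block.endswith(bytes([n]) * n)

def false_accepts(trials: int = 100_000) -> int:
    """Count pseudo-random 16-byte blocks (stand-ins for wrong-key output)
    that still pass the padding check; expect roughly trials / 256."""
    return sum(pkcs7_valid(hashlib.sha256(i.to_bytes(4, "big")).digest()[:16])
               for i in range(trials))

def mac_key(password: str, salt: bytes, pepper: str) -> bytes:
    """Derive 64 bytes: the first half would key the cipher, the second half
    keys the MAC. The iteration count is illustrative."""
    okm = hashlib.pbkdf2_hmac("sha256", password.encode(),
                              salt + pepper.encode(), 10_000, dklen=64)
    return okm[32:]

def tag_for(password: str, salt: bytes, pepper: str, ciphertext: bytes) -> bytes:
    """Tag stored next to the ciphertext when the account is created."""
    key = mac_key(password, salt, pepper)
    return hmac.new(key, ciphertext, hashlib.sha256).digest()

def find_pepper(password: str, salt: bytes, ciphertext: bytes, tag: bytes):
    """Cycle a-z; a pepper is accepted only if the tag verifies, so the
    decision never depends on an error string or on padding."""
    for pepper in string.ascii_lowercase:
        candidate = tag_for(password, salt, pepper, ciphertext)
        if hmac.compare_digest(candidate, tag):
            return pepper
    return None  # wrong password or altered data: no pepper verifies

if __name__ == "__main__":
    salt = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed
    blob = bytes(range(48))  # constructed stand-in for the stored ciphertext
    tag = tag_for("correct horse", salt, "q", blob)
    print(false_accepts(), "of 100000 random blocks pass the padding check")
    print(find_pepper("correct horse", salt, blob, tag))
    print(find_pepper("wrong password", salt, blob, tag))
```

Because the tag is checked over the ciphertext, the right pepper is identified before any decryption is attempted.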


