Decrypt error message?

Tom Glod tom at makeshyft.com
Mon Feb 4 15:02:18 EST 2019 

Ya, Its a head scratcher.    I can't really spend to much time
investigating it .... thankfully I can deal with it easily once i found it
......in this case.

Its been driving me crazy, because once in a while in testing i would get
an account that was created seemingly correct but would not open.

I'm so happy to have resolved 2 of 2 major and random issues that have been
plaguing my software for months.  The other being the Adobe meta data being
updated in the clipboard.

This code is going on github soon so I suspect I will be revisiting this
bug I think I will take out my workaround and try to reproduce it one more
time and then capture the data so can submit a report.

Thanks everyone, full speed ahead.










On Mon, Feb 4, 2019 at 2:43 PM Bob Sneidar via use-livecode <
use-livecode at lists.runrev.com> wrote:

> When I attempt to decrypt a salted hash and it fails, "it" contains empty
> and the result contains "(SSL error: bad decrypt)", otherwise it contains
> some value and the result is empty. The only thing I can think of is that
> at random times even though the pepper is invalid, the decrypt function
> succeeds! That would suck, but I have yet to see it myself.
>
> Bob S
>
>
> > On Feb 4, 2019, at 10:13 , Tom Glod via use-livecode <
> use-livecode at lists.runrev.com> wrote:
> >
> > Just to clarify
> >
> > My (local) application uses a salt and pepper technique to add cycles to
> > the decrypt. The pepper (a-z) is added to the salt the first time the
> > account is made.
> >
> > Afterward, when I try to log into the account using the correct password,
> > my application has to cycle through the peppers to find the right combo
> for
> > a correct decrypt.
> >
> > I 'almost always' get a "bad decrypt" error message when just the pepper
> is
> > wrong.....except for the odd time that its gibberish.
> >
> > When the password, salt and pepper is right, the decryption works and the
> > right binary data is returned.
> >
> > Because I know what I am expecting as decrypted data, its easy to check
> if
> > the decrypt really worked or not.
> >
> > But until now I was relying on an accurate error message to tell if the
> > decrypt work or not....which I guess I cannot do.
> >
> > I was wondering why I usually get a normal ssl error message? and only
> > occasionally gibberish?   There doesn't seem to be any pattern to it.
>
>
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
>

More information about the use-livecode mailing list