decrypt error junk

Tom Glod tom at makeshyft.com
Thu Nov 2 19:27:31 EDT 2023


Hi Mark, Thanks for your response.
I understand.
I will try to reproduce this in an empty stack and submit a report.
Thanks,
Tom


On Thu, Nov 2, 2023 at 2:20 AM Mark Waddingham via use-livecode <
use-livecode at lists.runrev.com> wrote:

> On 2023-11-02 02:06, Tom Glod via use-livecode wrote:
> > I have found a "wrong decryption key" that does not return a bad decrypt
> > error, but returns garbage into "the result".
> > Every other wrong key correctly gives the usual error.
> > The right key works to decrypt.
>
> What exact error do you get with a wrong key vs the not-so-wrong key?
>
> > the length of the encryption/decryption key is always 64 characters
> > it is always alphanumeric, because it's a hash derivative, no weird
> > characters, always the correct length.
> > and the salt is the same for every key I tried.
> >
> > I can program around it, but it's unsettling.
> > I will report it, but in the meantime has anyone ever come across this
> > garbage in "the result" as a result of an incorrect decryption key?
>
> So I don't think this is a bug, but expected behavior.
>
> The encrypt/decrypt operations are very low-level - they 'simply' apply
> the specified algorithm to the data.
>
> Encryption/decryption is 'just' a mathematical function which uses the
> 'key bytes' and 'input data' to derive an output - in particular,
> decryption does not include any validation checks to ensure the provided
> decryption key is what was used to encrypt in the first place - that's
> something you have to do yourself.
>
> There's a huge variety of ways to do this - but perhaps the simplest is
> to add your favorite (simple) hash of the encryption key before the data
> being encrypted:
>
> ----
>
> (pseudo encryption code - I don't know exactly what form of encrypt you
> are using!):
>
>    local tKey, tHash
>    put deriveMyEncryptionKey(tPassword) into tKey
>    put md5Digest(tKey) into tHash
>
>    encrypt tHash & tData using ... with password tKey
>
> (pseudo decryption code - I don't know exactly what form of encrypt you
> are using!):
>
>    decrypt tEncryptedData using ... with password tKey
>
>    if byte 1 to 16 of tData is not md5Digest(tKey) then
>      throw "incorrect password"
>    end if
>
> ----
>
> Of course I'm now slightly intrigued as to what checks OpenSSL *can*
> actually do to be able to generate a 'bad decrypt' message - so by all
> means file a bug/send a test stack to support and we can at least advise
> on that (and potentially update the docs).
>
> Warmest Regards,
>
> Mark.
>
> --
> Mark Waddingham ~ mark at livecode.com ~ http://www.livecode.com/
> LiveCode: Build Amazing Things
>
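
Added example, not part of either message and not LiveCode or OpenSSL code: a Python sketch of why a small fraction of wrong keys get past the padding check that a padded block-cipher decrypt relies on for 'bad decrypt', followed by an explicit keyed check (an HMAC tag over the ciphertext, a different technique from the hash prefix suggested above). It assumes a block cipher in CBC mode with PKCS#7 padding, models wrong-key decryption with SHA-256 as a pseudo-random stand-in rather than a real cipher, and all function names, keys and sample bytes are constructed.

```python
import hashlib
import hmac

BLOCK = 16  # block size in bytes (assumed: AES-style cipher, CBC, PKCS#7)

def pkcs7_ok(block: bytes) -> bool:
    """Padding well-formedness: the only check a padded decrypt can make."""
    n = block[-1]
    return 1 <= n <= BLOCK and block.endswith(bytes([n]) * n)

def model_wrong_key_block(key: bytes, ct_block: bytes) -> bytes:
    # Stand-in for a block cipher run with the wrong key: the output is
    # pseudo-random. This is SHA-256, not a real cipher.
    return hashlib.sha256(key + ct_block).digest()[:BLOCK]

def count_silent_wrong_keys(trials: int = 65536) -> int:
    """How many wrong keys yield garbage that still has valid padding."""
    ct_block = bytes(range(BLOCK))  # constructed final ciphertext block
    return sum(
        pkcs7_ok(model_wrong_key_block(i.to_bytes(4, "big"), ct_block))
        for i in range(trials)
    )

def _tag(key: bytes, ciphertext: bytes) -> bytes:
    # Derive a separate MAC key so the encryption key is not reused directly.
    mac_key = hmac.new(key, b"mac-key", hashlib.sha256).digest()
    return hmac.new(mac_key, ciphertext, hashlib.sha256).digest()

def seal(ciphertext: bytes, key: bytes) -> bytes:
    """Append a 32-byte tag to ciphertext produced elsewhere."""
    return ciphertext + _tag(key, ciphertext)

def open_sealed(blob: bytes, key: bytes) -> bytes:
    """Return the ciphertext only if the tag matches; call before decrypt."""
    ciphertext, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(key, ciphertext)):
        raise ValueError("incorrect key or modified data")
    return ciphertext

if __name__ == "__main__":
    hits = count_silent_wrong_keys()
    print(f"{hits} of 65536 wrong keys passed the padding check (about 1 in 256)")
    blob = seal(b"constructed ciphertext bytes", b"right key")
    try:
        open_sealed(blob, b"wrong key")
    except ValueError as err:
        print("rejected:", err)
```
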

