Decrypt error message?

Tom Glod tom at makeshyft.com
Mon Feb 4 13:13:45 EST 2019


Just to clarify

My (local) application uses a salt and pepper technique to add cycles to
the decrypt. The pepper (a-z) is added to the salt the first time the
account is made.

Afterward, when I try to log into the account using the correct password,
my application has to cycle through the peppers to find the right combo for
a correct decrypt.

I 'almost always' get a "bad decrypt" error message when just the pepper is
wrong... except for the odd time that it's gibberish.

When the password, salt and pepper are right, the decryption works and the
right binary data is returned.

Because I know what I am expecting as decrypted data, it's easy to check if
the decrypt really worked or not.

But until now I was relying on an accurate error message to tell if the
decrypt worked or not... which I guess I cannot do.

I was wondering why I usually get a normal SSL error message, and only
occasionally gibberish? There doesn't seem to be any pattern to it.

On Mon, Feb 4, 2019 at 11:30 AM Brian Milby via use-livecode <
use-livecode at lists.runrev.com> wrote:

> This is not a bug.  The SSL library will only complain if it requires a
> parameter with a certain bit length and you provide an invalid value.  As
> long as your key/password/IV/salt are acceptable then you will get the
> result of the decrypt.  One way (not necessarily secure) is to prepend
> your salt to the encrypted message.  When you decrypt you verify that it
> starts with your salt.  If not, you know something went wrong.  Including a
> hash is better.
>
> Thanks,
> Brian
> On Feb 4, 2019, 11:12 AM -0500, Bob Sneidar via use-livecode <
> use-livecode at lists.runrev.com>, wrote:
> > Nothing in the result?
> >
> > Bob S
> >
> >
> > > On Feb 3, 2019, at 18:33 , Tom Glod via use-livecode <use-livecode at lists.runrev.com> wrote:
> > >
> > > Hi folks, I have just discovered a bug in Livecode where the SSL Library
> > > does not return a normal error message like "SSL: bad decrypt"
> > >
> > > instead
> > >
> > > it returns unreadable binary garbage... when in fact, the key and salt
> > > were wrong and the error message should have been "bad decrypt"
> > >
> > > I don't know how to trigger it, but I know for a fact that the key and salt
> > > were wrong.
> > >
> > > I built a quick workaround for when this occurs.
> > >
> > > but it's weird and a little worrisome... has anyone else had inconsistent
> > > error messages with the SSL library?
> >
> >
> > _______________________________________________
> > use-livecode mailing list
> > use-livecode at lists.runrev.com
> > Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> > http://lists.runrev.com/mailman/listinfo/use-livecode



More information about the use-livecode mailing list
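
Added example, not part of the thread and not LiveCode code: a Python illustration of why a wrong pepper only "almost always" produces an error, and of the "including a hash is better" suggestion, here done with an HMAC tag that is verified before decrypting. It assumes a block cipher with PKCS#7 padding behind the decrypt call; the function names, PBKDF2 parameters and sample values are constructed for illustration.

```python
import hashlib
import hmac
import random

BLOCK = 16  # block size in bytes (assumed: AES in CBC mode)
PEPPERS = "abcdefghijklmnopqrstuvwxyz"  # a-z, as in the thread


def pkcs7_ok(last_block: bytes) -> bool:
    """The padding check a block-cipher decrypt applies to the final block."""
    n = last_block[-1]
    return 1 <= n <= BLOCK and last_block.endswith(bytes([n]) * n)


def false_accept_rate(trials: int, seed: int = 1) -> float:
    """Share of random final blocks (assumed wrong-key output) that pass."""
    rng = random.Random(seed)
    hits = sum(pkcs7_ok(rng.getrandbits(8 * BLOCK).to_bytes(BLOCK, "big"))
               for _ in range(trials))
    return hits / trials


def derive_keys(password: str, salt: bytes, pepper: str):
    """Return (encryption key, MAC key) from password, salt and pepper."""
    material = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                   salt + pepper.encode(), 10_000, dklen=64)
    return material[:32], material[32:]


def make_tag(mac_key: bytes, ciphertext: bytes) -> bytes:
    """HMAC over the ciphertext, stored next to it when the account is made."""
    return hmac.new(mac_key, ciphertext, hashlib.sha256).digest()


def find_pepper(password: str, salt: bytes, ciphertext: bytes, tag: bytes):
    """Cycle through the peppers; return the one whose tag verifies, or None."""
    for pepper in PEPPERS:
        enc_key, mac_key = derive_keys(password, salt, pepper)
        if hmac.compare_digest(make_tag(mac_key, ciphertext), tag):
            return pepper  # only now decrypt the ciphertext with enc_key
    return None


if __name__ == "__main__":
    print(false_accept_rate(200_000))  # about 1 in 256 pass the padding check
    salt, ct = b"constructed-salt", bytes(range(48))  # constructed sample data
    tag = make_tag(derive_keys("hunter2", salt, "q")[1], ct)
    print(find_pepper("hunter2", salt, ct, tag), find_pepper("wrong", salt, ct, tag))
```

With 26 peppers and roughly a 1-in-256 chance per wrong guess of valid-looking padding, an occasional "successful" decrypt to gibberish is expected; the tag check fails closed for every wrong pepper instead.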