Decrypt error message?
bobsneidar at iotecdigital.com
Mon Feb 4 14:42:55 EST 2019
When I attempt to decrypt a salted hash and it fails, "it" contains empty and the result contains "(SSL error: bad decrypt)", otherwise it contains some value and the result is empty. The only thing I can think of is that at random times even though the pepper is invalid, the decrypt function succeeds! That would suck, but I have yet to see it myself.
> On Feb 4, 2019, at 10:13 , Tom Glod via use-livecode <use-livecode at lists.runrev.com> wrote:
> Just to clarify
> My (local) application uses a salt and pepper technique to add cycles to
> the decrypt. The pepper (a-z) is added to the salt the first time the
> account is made.
> Afterward, when I try to log into the account using the correct password,
> my application has to cycle through the peppers to find the right combo for
> a correct decrypt.
> I 'almost always' get a "bad decrypt" error message when just the pepper is
> wrong.....except for the odd time that its gibberish.
> When the password, salt and pepper is right, the decryption works and the
> right binary data is returned.
> Because I know what I am expecting as decrypted data, its easy to check if
> the decrypt really worked or not.
> But until now I was relying on an accurate error message to tell if the
> decrypt work or not....which I guess I cannot do.
> I was wondering why I usually get a normal ssl error message? and only
> occasionally gibberish? There doesn't seem to be any pattern to it.
More information about the Use-livecode