Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • User (Old forums)
    Member
    Post count: 23064
    #42926 |

    Hi,

    I am testing the trial version of Encryption Library. There seems to be a bug when decrypting a file using the Manager sample application. If I use one pass phrase encrypting a file and another pass phrase decrypting it, the message always says that it has decrypted the file successfully. Why is that? How can it be successful with an incorrect pass phrase? The file is far from successfully decrypted, it is corrupted and can’t be decrypted even with the correct pass phrase anymore. I’m using VB6.

    Regards
    Marty

    Imported from legacy forums. Posted by Marty (had 3985 views)

    Odi [Xceed]
    Spectator
    Post count: 426

    From what I have seen, encryption librairies and classes usually decrypt without error even if the wrong passphrase has been used. There is at least one good reason for this that I can think of. First, the decryption algorithm has no way of knowing if you entered the correct passphrase, because no hash code or other checksum is embedded into the encrypted data. If there were such embedded information, it may not be good for the security of the encrypted data. I have heard of some methods like a “quick check” code being used in PGP which have successfully been used to attack the data (the quick check code was there to help quickly determine if theright passphrase was used so you don’t have to decrypt everything only to find out at the end).

    In any case, I don’t think the AES and other algorithms in the Encryption library have such a checksum. If you want to add one to the stream, it is very easy to do so, but you should look into the matter to see if it is safe. I’m not Xceed’s encryption expert, though. I have forwarded the URL to this thread to Michel who probably knows much more about this.

    Imported from legacy forums. Posted by Odi [Xceed] (had 327 views)

    User (Old forums)
    Member
    Post count: 23064

    Thanks for your reply.
    I do understand the issue, but in my case I can use CRC to verify if a file has been decrypted successfully. The problem is that I don’t know how to add the CRC-info to the encrypted file. I can’t find any info about this. Could you please show a VB6 sample how to write info to the header of the encrypted file and how to retrieve the same info when decrypting it, or where to find info how to do that? Anything that I could test using the manager sample application would be very much appreciated.

    Regards
    Marty

    Imported from legacy forums. Posted by Marty (had 4446 views)

Viewing 3 posts - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.