RE: Problem while decrypting

From: lelteto (lelteto_at_discussions.microsoft.com)
Date: 07/25/05

    Date: Mon, 25 Jul 2005 10:22:04 -0700
    
    

    Encrypt/Decrypt does not check for changes. Decrypt will decrypt ANY GARBAGE
    (depending on the mode). Moreover, in CBC mode a block error affects only two
    blocks in the data.
    What you need is INTEGRITY protection. Some ways to achieve it:
    - simple hash: attach the hash value of the original data at the end,
    compare it after decryption and reject if different. This protects against
    accidental / communication problems
    - keyed hash: same as above but uses a secret key value, so an attacker
    cannot correctly re-calculate the hash (checksum). Downside is that both
    sides need the secret key.
    - signed hash: same as above but also proves who sent the data (whoever has
    the private key). Upside is that even the verifier cannot 'forge' a modified
    correct data.
    - keyed MAC: also uses secret key but the checksum calculation is different.
    (Instead of hash it's the last block of a CBC encryption chain.) Note that
    you should NOT use the same key for CBC decrypt AND CBC MACing on the same
    data.

    (Also, for hashes there are some weaknesses in the various hash algos which
    can pre-produce two different data with the same hash value. The seriousness
    of this issue depends on your usage of the hash.)

    Laszlo Elteto
    SafeNet, Inc.

    "shiva" wrote:

    > Hi
    >
    > I am involved in doing an encryption/decryption module.
    > I was encrypting the data using the pass phrase.
    > After successful encryption, I tried tampering with that encrypted file.
    > While decrypting that tampered file, I was not getting an error message.
    > I used to decrypt the data in the file record by record as I have put a
    > delimiter while encrypting itself.
    > If I tamper with one record, the CryptDecrypt function is decrypting the data
    > without any error
    > (but the data is not readable).
    >
    > I have checked with both the CryptoAPI as well as using Cryptlib.
    > Can anyone please help me in this regard?
    >
    > Thanks & Regards
    > shiva
    >
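
The keyed-hash option from the reply above, as an added example that is not part of the original post or either poster's code: a per-record HMAC-SHA256 of the original data is appended before encryption and checked after decryption, so a tampered record is rejected instead of silently decrypting to garbage. The SHA-256 counter-mode keystream is an assumed stand-in for the real cipher call, and the function names, passphrase, salt and nonce are constructed for illustration.

```python
import hashlib
import hmac

TAG_LEN = 32  # HMAC-SHA256 output size in bytes

def derive_keys(passphrase: bytes, salt: bytes):
    """Derive independent encryption and MAC keys from one passphrase."""
    okm = hashlib.pbkdf2_hmac("sha256", passphrase, salt, 100_000, dklen=64)
    return okm[:32], okm[32:]

def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (assumption): SHA-256 in counter mode, used only so the
    # example runs with the standard library. Use a real cipher in practice.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + (i // 32).to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def seal_record(enc_key, mac_key, nonce, plaintext):
    """Append a keyed hash of the original data, then encrypt both."""
    tag = hmac.new(mac_key, plaintext, hashlib.sha256).digest()
    return _keystream_xor(enc_key, nonce, plaintext + tag)

def open_record(enc_key, mac_key, nonce, record):
    """Decrypt, recompute the keyed hash, and reject the record on mismatch."""
    decrypted = _keystream_xor(enc_key, nonce, record)
    if len(decrypted) < TAG_LEN:
        raise ValueError("record too short")
    plaintext, tag = decrypted[:-TAG_LEN], decrypted[-TAG_LEN:]
    expected = hmac.new(mac_key, plaintext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("integrity check failed")
    return plaintext

def demo():
    enc_key, mac_key = derive_keys(b"constructed passphrase", b"constructed-salt")
    nonce = b"record-0001"  # constructed; must be unique per record
    sealed = seal_record(enc_key, mac_key, nonce, b"account=42;amount=100")
    tampered = bytes([sealed[0] ^ 0x01]) + sealed[1:]  # flip one ciphertext bit
    # Decrypting without the check raises no error and yields altered data.
    unchecked = _keystream_xor(enc_key, nonce, tampered)[:-TAG_LEN]
    try:
        open_record(enc_key, mac_key, nonce, tampered)
        rejected = False
    except ValueError:
        rejected = True
    return open_record(enc_key, mac_key, nonce, sealed), unchecked, rejected
```
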

