3DES cryptography possible bug
- From: komputisto@xxxxxxxxx
- Date: Wed, 17 Oct 2007 08:53:36 -0700
I seem to have found a problem with Microsoft's cryptography package
and am wondering if anyone has any additional information.

The problem specifically manifests when building an application in
Visual Studio 2005, targeting a Pocket PC 2003 Device, and running on
a Pocket PC 2003 Device. The same build on a WM5 device does not
exhibit the behavior, nor does a build targeting a Windows Mobile 5.0
Pocket PC Device, nor does a Win32 build.

The problem manifests when using MS_ENHANCED_PROV/PROV_RSA_FULL/
CALG_3DES. Encrypted strings of less than 1000 characters in length
(pre-encryption) (1000 or less, post-encryption) cannot be decrypted
successfully. The function returns ERROR_INVALID_PARAMETER. The
buffer returns with the first 8 characters decrypted, the next 8
unchanged, then garbage for the remainder (possibly overwriting
memory). The length parameter is unchanged. This happens both when
you try to decrypt the whole string in one pass and when you try to do
multiple passes of 8 characters each. It always fails on the first
pass in that second case. I believe the same modifications are made
to the buffer in both cases. Simply padding the string to a length of
1000 characters works around the problem.