1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2012
    Rep Power

    Cryptography and password


    I have a question on encryption. I used OpenSSL to encrypt data using a symmetric algorithm. For that I launched a command line specifying the algorithm and input/ouput.
    But OpenSSL asked me for a password. So I entered one. And after that, the encryption proceed.

    My question is the following, what mechanism is used to verify this password? And how do OpenSSL can noticed that the password is wrong when it's wrong (because I tried a wrong one just to see if it used a hash function on my password to get the decryption key, if it was the case decryption might be wrong but OpensSSL noticed that the password is wrong and didn't decrypt into a wrong plaintext)?

    Do someone know?

  2. #2
  3. No Profile Picture
    Lost in code
    Devshed Supreme Being (6500+ posts)

    Join Date
    Dec 2004
    Rep Power
    It depends on the implementation and cipher, but commonly it'll have either a known header on the file or a checksum of the encrypted contents or both. If decryption fails, then the header will be wrong and the checksum won't match, so the program knows you used the wrong password.

    Originally Posted by Spad
    Ah USB, the only rectangular connector where you have to make 3 attempts before you get it the right way around

IMN logo majestic logo threadwatch logo seochat tools logo