December 24th, 2012, 12:18 PM
Cryptography and password
I have a question on encryption. I used OpenSSL to encrypt data using a symmetric algorithm. For that I launched a command line specifying the algorithm and input/output.
But OpenSSL asked me for a password. So I entered one. And after that, the encryption proceeded.
My question is the following: what mechanism is used to verify this password? And how can OpenSSL notice that the password is wrong when it's wrong (because I tried a wrong one just to see if it used a hash function on my password to get the decryption key; if that was the case, decryption might be wrong, but OpenSSL noticed that the password was wrong and didn't decrypt into a wrong plaintext)?
Does anyone know?
December 24th, 2012, 04:22 PM
It depends on the implementation and cipher, but commonly it'll have either a known header on the file or a checksum of the encrypted contents or both. If decryption fails, then the header will be wrong and the checksum won't match, so the program knows you used the wrong password.
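The checksum approach described in the reply above, as an added example that is not part of the thread and is not OpenSSL's own file format: the password is stretched into keys with PBKDF2, and a keyed checksum (HMAC) over the encrypted contents is verified before anything is decrypted. The `DEMO1` container layout, the function names and the HMAC-based keystream (a stand-in for a real cipher such as AES, so the code runs with only the standard library) are assumptions made for illustration.

```python
import hashlib
import hmac
import os

MAGIC = b"DEMO1"          # constructed format marker (hypothetical container)
ITERATIONS = 100_000      # PBKDF2 work factor chosen for this example
SALT_LEN = NONCE_LEN = 16
TAG_LEN = 32

class WrongPassword(Exception):
    """The checksum did not match: wrong password or modified file."""

def derive_keys(password: str, salt: bytes):
    # One PBKDF2 call yields independent encryption and checksum keys.
    km = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=64)
    return km[:32], km[32:]

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in stream cipher: HMAC-SHA256 in counter mode, XORed with the data.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def encrypt(password: str, plaintext: bytes) -> bytes:
    salt, nonce = os.urandom(SALT_LEN), os.urandom(NONCE_LEN)
    enc_key, mac_key = derive_keys(password, salt)
    body = MAGIC + salt + nonce + keystream_xor(enc_key, nonce, plaintext)
    # Checksum over header and encrypted contents, keyed from the password.
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def decrypt(password: str, blob: bytes) -> bytes:
    header_len = len(MAGIC) + SALT_LEN + NONCE_LEN
    if len(blob) < header_len + TAG_LEN or not blob.startswith(MAGIC):
        raise ValueError("not a DEMO1 container")
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    salt = body[len(MAGIC):len(MAGIC) + SALT_LEN]
    nonce = body[len(MAGIC) + SALT_LEN:header_len]
    enc_key, mac_key = derive_keys(password, salt)
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    # A wrong password derives a different checksum key, so the tag cannot
    # match and the program stops instead of emitting garbage plaintext.
    if not hmac.compare_digest(tag, expected):
        raise WrongPassword("checksum mismatch")
    return keystream_xor(enc_key, nonce, body[header_len:])
```

The same check also rejects a file whose encrypted contents were altered, so a mismatch alone does not tell the two cases apart.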