On Wed, Jan 28, 2009 at 12:07:25AM +0200, faust cep wrote:
> I'm new to using openssl and I have a question on dcecrypting files
> from command line. Let's suppose that we encrypt file a.txt with key:
> mykey and save the encrypted in a.enc What I want is if users decrypt
> it with a wrong key not to be notified that their password is wrong but
> instead to have a wrong decrypted file.
Incorrect keys for CBC mode encrypted octet-aligned data will with high
probability of decrypting to incorrectly padded, or non-octet aligned data.
> So the main question is: How do we force openssl to decrypt with wrong
> passwords an obtain a file?
You may not know that OpenSSL enc(1) uses PBKDF2 to derive keys from
user supplied passwords and brute-force attacks are made computationally
expensive by requiring 2000 SHA-1 HMAC computations per candidate key.
Are you sure you need this? How likely are users to be fooled by false
decrypts anyway? In any file that is not noise, failure to detect the
right structure or stastics gives away the false key.
This said, if you use a cipher that does not require padding (e.g. "rc4",
or "aes-128-cfb8"), wrong passwords won't be detected by the decryption
layer.
> I know the file will not be working but the user doesn't know what
> it contained.
This seems silly. They also won't know it contained when the decryption
fails.
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
