Note: This is just based on squinting at your code for a few seconds.
I didn't try to compile it.
1. It looks as though you might be using a truncated SHA1 hash of a
password as an AES key. That's a serious security hole and there's no
good reason to do that. Please use a PBKDF. If I'm reading this wrong
or you don't understand this comment, please reply with an explanation
of what you're doing, because I don't understand your code and all my
commentary is likely off the mark.
2. Don't hex decode into a string unless what was encoded was a proper
string to begin with. If I'm reading your code right, I'd predict that
any time one of your randomly generated IV bytes is a zero, you're
getting uninitialized memory in your IV and (possibly) failing. It's
not a lock that you'll fail every time, but I'd suspect that every
time you fail there's a zero in that buffer.
For the sake of illustration, let's imagine a 4-byte random IV:
// unsigned char ivB[] = { 0xba, 0xdf, 0x00, 0x0d };
HexEncode((const char *)ivB, hexVec);
// hexVec = "badf000d";
HexDecode(hexVec, decVec);
// decVec = "ºß";
// the bytes in decVec will be {0xba, 0xdf, 0x00, UNDEFINED}
// because 0x00 is the terminator for an ASCII string
memcpy(ivB, decVec.c_str(), 4);
// ivB will now be {0xba, 0xdf, 0x00, 0x??} where ?? comes from
// whatever uninitialized memory was there after the internal
// representation. Ideally, this should crash, but that's probabilistic,
// not deterministic.
Hope this helps,
Geoff
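The truncation in point 2, reproduced as a runnable C++ example. This is an added illustration, not Geoff's code, the original poster's code, or Crypto++'s HexEncoder/HexDecoder API; hexEncode and hexDecode are constructed stand-ins for whatever helpers the thread's code uses. It shows that a 4-byte IV containing 0x00 survives a length-aware hex round trip intact, but loses every byte from the 0x00 onward the moment the decoded bytes are treated as a C string.

```cpp
#include <cstddef>
#include <cstdio>
#include <string>
#include <vector>

// Hex-encode a byte buffer. Constructed helper for this example; it stands in
// for whatever HexEncode() the thread's code uses, not Crypto++'s HexEncoder.
std::string hexEncode(const std::vector<unsigned char>& bytes) {
    static const char digits[] = "0123456789abcdef";
    std::string out;
    out.reserve(bytes.size() * 2);
    for (unsigned char b : bytes) {
        out.push_back(digits[b >> 4]);
        out.push_back(digits[b & 0x0f]);
    }
    return out;
}

// Value of one hex digit, or -1 if the character is not a hex digit.
static int hexDigitValue(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

// Hex-decode into a byte vector. The length travels with the data, so a
// decoded 0x00 is an ordinary byte, not a terminator. Returns an empty
// vector on odd length or a non-hex character.
std::vector<unsigned char> hexDecode(const std::string& hex) {
    std::vector<unsigned char> out;
    if (hex.size() % 2 != 0) return out;
    out.reserve(hex.size() / 2);
    for (std::size_t i = 0; i < hex.size(); i += 2) {
        int hi = hexDigitValue(hex[i]);
        int lo = hexDigitValue(hex[i + 1]);
        if (hi < 0 || lo < 0) return std::vector<unsigned char>();
        out.push_back(static_cast<unsigned char>((hi << 4) | lo));
    }
    return out;
}

// The pattern Geoff warns about: the decoded bytes are handed to something
// that treats them as a NUL-terminated C string (here, std::string's
// const char* constructor). Returns how many IV bytes survive that step;
// anything memcpy'd beyond that count no longer comes from the IV.
std::size_t ivBytesSurvivingAsCString(const std::vector<unsigned char>& iv) {
    std::vector<unsigned char> decoded = hexDecode(hexEncode(iv));
    std::vector<char> cbuf(decoded.begin(), decoded.end());
    cbuf.push_back('\0');                 // what a char* API assumes is there
    std::string truncated(cbuf.data());   // stops at the first 0x00 byte
    return truncated.size();
}

// Length-aware round trip: encode, decode, and copy exactly iv.size() bytes.
// Returns false if the decoded length does not match, so a bad IV is never
// silently used.
bool roundTripIv(const std::vector<unsigned char>& iv, std::vector<unsigned char>& out) {
    std::vector<unsigned char> decoded = hexDecode(hexEncode(iv));
    if (decoded.size() != iv.size()) return false;
    out = decoded;
    return true;
}

int main() {
    // Constructed 4-byte IV from the thread's illustration, with a 0x00 in it.
    const std::vector<unsigned char> iv = {0xba, 0xdf, 0x00, 0x0d};
    std::vector<unsigned char> back;
    std::printf("hex: %s\n", hexEncode(iv).c_str());
    std::printf("bytes kept via c_str(): %zu of %zu\n",
                ivBytesSurvivingAsCString(iv), iv.size());
    std::printf("length-aware round trip ok: %d\n",
                static_cast<int>(roundTripIv(iv, back) && back == iv));
    return 0;
}
```

The fix is to keep the byte count with the bytes: decode into a std::vector<unsigned char> (or build the std::string with the (pointer, length) constructor) and copy decoded.size() bytes, never a count inferred from where the first 0x00 happens to fall. For point 1, the PBKDF Geoff asks for is available in Crypto++ as PKCS5_PBKDF2_HMAC in pwdbased.h, which derives the AES key from the password, a random salt and an iteration count instead of a truncated SHA1 digest.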
--
You received this message because you are subscribed to the "Crypto++ Users"
Google Group.
More information about Crypto++ and this group is available at
http://www.cryptopp.com.