Hi Bob,
The code goes something like this
the_password = user password string
decrypt_key = MaximizePassword(the_password)
salt = 512hash(MaximizePassword(the_password) & pepper character)
The password string runs through a "MaximizePassword" function that
maximizes the password length even if
This has my curiosity piqued. How do you use the pepper? Do you simply
append/prepend the pepper onto the password?
Bob S
___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your
t;
> > > > My (local) application uses a salt and pepper technique to add
> cycles to
> > > > the decrypt. The pepper (a-z) is added to the salt the first time the
> > > > account is made.
> > > >
> > > > Afterward, when I try to
> > >
> > > My (local) application uses a salt and pepper technique to add cycles to
> > > the decrypt. The pepper (a-z) is added to the salt the first time the
> > > account is made.
> > >
> > > Afterward, when I try to log into the a
les to
> > the decrypt. The pepper (a-z) is added to the salt the first time the
> > account is made.
> >
> > Afterward, when I try to log into the account using the correct password,
> > my application has to cycle through the peppers to find the right combo
&g
pper (a-z) is added to the salt the first time the
> account is made.
>
> Afterward, when I try to log into the account using the correct password,
> my application has to cycle through the peppers to find the right combo for
> a correct decrypt.
>
> I 'almost always' get
rd, when I try to log into the account using the correct password,
> my application has to cycle through the peppers to find the right combo for
> a correct decrypt.
>
> I 'almost always' get a "bad decrypt" error message when just the pepper
> is wrong.except
the peppers to find the right combo for
a correct decrypt.
I 'almost always' get a "bad decrypt" error message when just the pepper is
wrong.except for the odd time that its gibberish.
When the password, salt and pepper is right, the decryption works and the
right binary data is returned.
This is not a bug. The SSL library will only complain if it requires a
parameter with a certain bit length and you provide an invalid value. As long
as your key/password/IV/salt are acceptable then you will get the result of the
decrypt. One way (not necessarily secure) is the pretend your
Nothing in the result?
Bob S
> On Feb 3, 2019, at 18:33 , Tom Glod via use-livecode
> wrote:
>
> Hi folks, I have just discovered a bug in Livecode where the SSL Library
> does not return a normal error message" like SSL: bad decrypt
>
> instead
>
> it returns unreadable binary
On 2/3/19 8:33 PM, Tom Glod via use-livecode wrote:
Hi folks, I have just discovered a bug in Livecode where the SSL Library
does not return a normal error message" like SSL: bad decrypt
instead
it returns unreadable binary garbage.. when in fact, the key and salt
were wrong and the error
Hi folks, I have just discovered a bug in Livecode where the SSL Library
does not return a normal error message" like SSL: bad decrypt
instead
it returns unreadable binary garbage.. when in fact, the key and salt
were wrong and the error message should have been "bad decrypt"
I don't know
12 matches
Mail list logo
