thank you all for chiming in. On Mon, Feb 4, 2019 at 1:13 PM Tom Glod <t...@makeshyft.com> wrote:
> Just to clarify > > My (local) application uses a salt and pepper technique to add cycles to > the decrypt. The pepper (a-z) is added to the salt the first time the > account is made. > > Afterward, when I try to log into the account using the correct password, > my application has to cycle through the peppers to find the right combo for > a correct decrypt. > > I 'almost always' get a "bad decrypt" error message when just the pepper > is wrong.....except for the odd time that its gibberish. > > When the password, salt and pepper is right, the decryption works and the > right binary data is returned. > > Because I know what I am expecting as decrypted data, its easy to check if > the decrypt really worked or not. > > But until now I was relying on an accurate error message to tell if the > decrypt work or not....which I guess I cannot do. > > I was wondering why I usually get a normal ssl error message? and only > occasionally gibberish? There doesn't seem to be any pattern to it. > > On Mon, Feb 4, 2019 at 11:30 AM Brian Milby via use-livecode < > use-livecode@lists.runrev.com> wrote: > >> This is not a bug. The SSL library will only complain if it requires a >> parameter with a certain bit length and you provide an invalid value. As >> long as your key/password/IV/salt are acceptable then you will get the >> result of the decrypt. One way (not necessarily secure) is the pretend >> your salt to the encrypted message. When you decrypt you verify that it >> starts with your salt. If not, you know something went wrong. Including a >> hash is better. >> >> Thanks, >> Brian >> On Feb 4, 2019, 11:12 AM -0500, Bob Sneidar via use-livecode < >> use-livecode@lists.runrev.com>, wrote: >> > Nothing in the result? >> > >> > Bob S >> > >> > >> > > On Feb 3, 2019, at 18:33 , Tom Glod via use-livecode < >> use-livecode@lists.runrev.com> wrote: >> > > >> > > Hi folks, I have just discovered a bug in Livecode where the SSL >> Library >> > > does not return a normal error message" like SSL: bad decrypt >> > > >> > > instead >> > > >> > > it returns unreadable binary garbage...... when in fact, the key and >> salt >> > > were wrong and the error message should have been "bad decrypt" >> > > >> > > I don't know how to trigger it. but i know for a fact that the key >> and salt >> > > were wrong. >> > > >> > > i build a quick workaround for when this occurs. >> > > >> > > but its weird and a little worrisome... has anyone else had >> inconsistent >> > > error messages with the ssl library? >> > >> > >> > _______________________________________________ >> > use-livecode mailing list >> > use-livecode@lists.runrev.com >> > Please visit this url to subscribe, unsubscribe and manage your >> subscription preferences: >> > http://lists.runrev.com/mailman/listinfo/use-livecode >> _______________________________________________ >> use-livecode mailing list >> use-livecode@lists.runrev.com >> Please visit this url to subscribe, unsubscribe and manage your >> subscription preferences: >> http://lists.runrev.com/mailman/listinfo/use-livecode > > _______________________________________________ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode