When I attempt to decrypt a salted hash and it fails, "it" contains empty and the result contains "(SSL error: bad decrypt)", otherwise it contains some value and the result is empty. The only thing I can think of is that at random times even though the pepper is invalid, the decrypt function succeeds! That would suck, but I have yet to see it myself.
Bob S > On Feb 4, 2019, at 10:13 , Tom Glod via use-livecode > <use-livecode@lists.runrev.com> wrote: > > Just to clarify > > My (local) application uses a salt and pepper technique to add cycles to > the decrypt. The pepper (a-z) is added to the salt the first time the > account is made. > > Afterward, when I try to log into the account using the correct password, > my application has to cycle through the peppers to find the right combo for > a correct decrypt. > > I 'almost always' get a "bad decrypt" error message when just the pepper is > wrong.....except for the odd time that its gibberish. > > When the password, salt and pepper is right, the decryption works and the > right binary data is returned. > > Because I know what I am expecting as decrypted data, its easy to check if > the decrypt really worked or not. > > But until now I was relying on an accurate error message to tell if the > decrypt work or not....which I guess I cannot do. > > I was wondering why I usually get a normal ssl error message? and only > occasionally gibberish? There doesn't seem to be any pattern to it. _______________________________________________ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode