Encryption
yurtaev, 2013-01-05 02:06:24

Checking the correctness of the key for AES decryption

It seems to me that I am going in circles and have missed something, but how do I implement a key check for AES, to confirm that the key is correct before decrypting the data, for example when the user has specified an incorrect password? So far, my idea is to store:

password_crypt = AES.encrypt("True Secret Passphrase", "True Secret Passphrase")

and then do a check on the client side to which password_crypt will be transmitted:

"User Secret Passphrase" === AES.decrypt(password_crypt, "User Secret Passphrase") ? "мастер пароль правильный" : "мастер пароль введен некорректно"

It seems to me that I missed something very important somewhere and everything was invented and standardized without me for a long time.

PS: The entire algorithm will be visible to the user, because the work will be done on the client in the browser. How should the check be done so that the user is guaranteed the reliability of the encryption (decreased strength) against hacking, in the first place on our part?

3 answer(s)
zed91, 2013-01-05
@yurtaev

Storing any magic numbers that are decrypted and compared is a significant reduction in cryptographic strength. A good solution is to store a CRC of the block. The entire data block + CRC is encrypted. For verification, a complete decryption with the provided key takes place, then the CRC is removed and compared. If the CRCs match, the key was correct.

@ntkt, 2013-01-05
_

Then this is a completely legitimate method. We will still have to take the key and decrypt at least something with it. See how TrueCrypt does it: before decrypting the entire disk, it checks that the volume header has been decrypted and that it is of a known format. If the conditions of the problem do not allow adding a known check string as a header to the plaintext data at the input, then it will have to be stored separately.
You can also store the key check value, but these are the same eggs - KCV is a truncated key hash from the key on the key :)

vsespb, 2013-01-05
@vsespb

The smaller the magic number, the smaller the reduction in cryptographic strength; use 2-4 bytes.
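
The check described in zed91's answer (encrypt the data together with its CRC, decrypt fully, then compare the CRC), as an added example that is not code from the thread. It uses Node.js's built-in crypto module; the function names, the blob layout and the PBKDF2 parameters are assumptions made for this example.

```javascript
// Added example: Node.js built-in crypto; seal/unseal/deriveKey are hypothetical names.
const crypto = require('crypto');

// Bitwise CRC-32 (reflected polynomial 0xEDB88320), no lookup table.
function crc32(buf) {
  let crc = 0xffffffff;
  for (const byte of buf) {
    crc ^= byte;
    for (let i = 0; i < 8; i++) crc = (crc >>> 1) ^ (0xedb88320 & -(crc & 1));
  }
  return (crc ^ 0xffffffff) >>> 0;
}

// Assumed parameters: PBKDF2-HMAC-SHA256, 100000 iterations, 32-byte key.
function deriveKey(passphrase, salt) {
  return crypto.pbkdf2Sync(passphrase, salt, 100000, 32, 'sha256');
}

// Blob layout (constructed for this example):
// salt(16) | iv(16) | AES-256-CBC(data | crc32(data))
function seal(passphrase, data) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(16);
  const crc = Buffer.alloc(4);
  crc.writeUInt32BE(crc32(data));
  const cipher = crypto.createCipheriv('aes-256-cbc', deriveKey(passphrase, salt), iv);
  return Buffer.concat([salt, iv, cipher.update(data), cipher.update(crc), cipher.final()]);
}

// Returns the plaintext Buffer, or null when the passphrase is wrong.
function unseal(passphrase, blob) {
  const salt = blob.subarray(0, 16);
  const iv = blob.subarray(16, 32);
  const decipher = crypto.createDecipheriv('aes-256-cbc', deriveKey(passphrase, salt), iv);
  let plain;
  try {
    plain = Buffer.concat([decipher.update(blob.subarray(32)), decipher.final()]);
  } catch (err) {
    return null; // a wrong key usually surfaces here as a PKCS#7 padding error
  }
  if (plain.length < 4) return null;
  const data = plain.subarray(0, plain.length - 4);
  // Roughly 1 in 256 wrong keys still yields valid padding; the CRC rejects those.
  return plain.readUInt32BE(plain.length - 4) === crc32(data) ? data : null;
}
```

A CRC detects a wrong key or accidental corruption, but it does not detect deliberate modification of the ciphertext; an authenticated mode such as AES-GCM performs the key check and the integrity check in one step.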
