When using blowfish algorithm from openssl library, one can encrypt and decrypt any data.

Furthermore, any data can be encrypted (decrypted) with any key/iv. There is no way in openssl to tell whether decryption was successful or not. It's just some mathematical transformation.

So, what should I do to be sure that encryption was successful: that some data was decrypted with same key/iv which it was encrypted?

Should I add some MAGIC bytes in front of data that should be checked after decryption?

+1  A: 

Of the many possible solutions, maybe consider using a CRC.

jldupont
According to the Wikipedia article, "an n-bit CRC, applied to a data block of arbitrary length, will detect any single error burst not longer than n bits". This means that I should use a CRC with the same length as my encrypted message? Because, as far as I understand, an "error" in a message decrypted with the wrong key will most probably have maximum length (the length of the message). This seems not memory efficient.
Marko Kevac
no, e.g.: a 32bits CRC will detect any single-bit error **burst** no longer than 32bits **independent** of encrypted message length. In other words, it is very memory efficient. Hope this helps.
jldupont
Wait, wait, wait :-) If the message was decrypted with the wrong key, then the error length will be the same as the message length, right? Because most probably every bit will be wrong. Right? Does it mean that an error in a message longer than 32 bits will not be detected? Sorry for, maybe, stupid questions.
Marko Kevac
Even if the message differs 100%, a CRC can detect this situation. If you require a more mathematical confirmation, maybe you should consider asking the question on http://mathoverflow.com/
jldupont
Thank you. Great site.
Marko Kevac
+5  A: 

You can add a checksum (for instance, MD5 of the original content) at the end of the file. After you decrypt it, the last 16 bytes must again be equal to md5(content-16 bytes)

naivists
checksum != MD5
jldupont
MD5 can be used as a checksum function, since it has relatively low ratio of collisions. Of course, it's not a typical checksum function, but it's easy to calculate and it's quite fast (I know CRC is faster ;-)
naivists
@naivists: the point is that a "checksum" is a different beast from an "hashing algorithm".
jldupont
yes, that would be the way to go. If you want to be extra-secure, you could consider using MAC instead of a plain hash function, that would require an additional secret key to compute MAC of the data.
Krystian
@Krystian: There is a relatively new construct called Authenticated Encryption With Additional Data, or AEAD, which encrypts and MACs your data in sort of an all-in-one operation. See RFC 5084 and RFC 5116.
GregS
@jldupont: I don't think checksums and hashes are intrinsically different. See http://stackoverflow.com/questions/460576/hash-code-and-checksum-whats-the-difference for a good discussion.
Philippe Beaudoin
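The two answers above describe two families of checks: a CRC or hash appended to the plaintext before encryption (first answer, and the MD5 variant in the second), and a keyed MAC computed over the ciphertext with its own secret key (the second answer's comments). The following example, written for this page and not taken from either answer or from OpenSSL, implements both side by side so the difference is visible. Blowfish is not in the Python standard library, so the cipher is a constructed stand-in: a keystream derived from HMAC-SHA256 in counter mode. It shares the property the question is about (decrypting with the wrong key silently produces garbage rather than an error), which is all the checks depend on. The 8-byte IV, the key strings and the sample plaintext are constructed values.

```python
import hashlib
import hmac
import struct
import zlib

IV_LEN = 8        # assumption: 8 bytes, matching Blowfish's block size
MAC_LEN = 32      # HMAC-SHA256 output


def _keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Constructed stand-in for Blowfish: HMAC-SHA256(key, iv || counter) blocks."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, iv + struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def toy_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """XOR the plaintext with the keystream. Any key 'works'; a wrong one gives garbage."""
    return bytes(a ^ b for a, b in zip(plaintext, _keystream(key, iv, len(plaintext))))


toy_decrypt = toy_encrypt  # XOR is its own inverse


# --- Approach 1: checksum inside the plaintext (first answer / MD5 variant) ---

def md5_checksum(data: bytes) -> bytes:
    return hashlib.md5(data).digest()          # 16 bytes, as in the second answer


def crc32_checksum(data: bytes) -> bytes:
    return struct.pack(">I", zlib.crc32(data))  # 4 bytes, as in the first answer


def seal_with_checksum(key: bytes, iv: bytes, data: bytes, checksum=md5_checksum) -> bytes:
    """Append checksum(data) to the plaintext, then encrypt the whole thing."""
    return toy_encrypt(key, iv, data + checksum(data))


def open_with_checksum(key: bytes, iv: bytes, blob: bytes, checksum=md5_checksum):
    """Decrypt, then recompute the checksum over the leading bytes and compare.
    Returns the data on a match, None if the key/iv (or the blob) was wrong."""
    tag_len = len(checksum(b""))
    pt = toy_decrypt(key, iv, blob)
    if len(pt) < tag_len:
        return None
    data, tag = pt[:-tag_len], pt[-tag_len:]
    if not hmac.compare_digest(checksum(data), tag):
        return None
    return data


# --- Approach 2: encrypt-then-MAC with an independent MAC key (second answer's comments) ---

def seal_with_mac(enc_key: bytes, mac_key: bytes, iv: bytes, data: bytes) -> bytes:
    """Encrypt, then tag iv || ciphertext with HMAC-SHA256 under a separate key."""
    ct = toy_encrypt(enc_key, iv, data)
    tag = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    return iv + ct + tag


def open_with_mac(enc_key: bytes, mac_key: bytes, blob: bytes):
    """Verify the tag first; only decrypt if it matches. Returns None on any mismatch."""
    if len(blob) < IV_LEN + MAC_LEN:
        return None
    iv, ct, tag = blob[:IV_LEN], blob[IV_LEN:-MAC_LEN], blob[-MAC_LEN:]
    expected = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return toy_decrypt(enc_key, iv, ct)


if __name__ == "__main__":
    key, mac_key = b"constructed-enc-key", b"constructed-mac-key"
    iv, data = bytes(range(IV_LEN)), b"some plaintext to protect"
    print(open_with_checksum(key, iv, seal_with_checksum(key, iv, data)))
    print(open_with_checksum(b"wrong-key", iv, seal_with_checksum(key, iv, data)))
    print(open_with_mac(key, mac_key, seal_with_mac(key, mac_key, iv, data)))
```

Both approaches answer the question as asked: a wrong key or IV turns the recomputed checksum or tag into a mismatch, so the caller gets None instead of garbage. The MAC version differs in two ways a practitioner cares about: the check happens before any decryption, and it depends on a second secret, so a party who can see or alter the blob but lacks the MAC key cannot produce one that passes. Both comparisons use hmac.compare_digest so the check does not leak timing information about how many bytes matched.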