Keresztfalvi Laszlo wrote:
> 
> 
> <quote>
> When decrypting the final block is checked to see if it has the correct
> form.
> 
> Although the decryption operation can produce an error if padding is
> enabled, it is not a strong test that the input data or key is correct. A
> random block has better than 1 in 256 chance of being of the correct format
> and problems with the input data earlier on will not produce a final decrypt
> error.
> </quote>
> 
> Would you please tell me what exactly can be the problem with padding?
> 

It's not a problem, more a limitation.

> I hope this does not mean that I cannot decrypt what I encrypt with the same
> parameter (padding enabled). Does this mean that padding can be tricked too
> easily or what?
> 

All it is really saying is that passing the padding test (that is
EVP_DecryptFinal completing without error) is not by itself a reliable
guarantee of the integrity of the decrypted data or indeed the
correctness of the decryption key. The structure of the padding is such
that if the last byte of the last block decrypted is 01 then it is
considered valid. The chance of this happening is 1 in 256 for random
data.

Additionally only the final block is tested so errors earlier in the
data will not produce any error at all.

Protocols in which integrity of the data is important use
additional techniques such as message digests.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Gemplus: http://www.gemplus.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
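
The two points in the reply above, as an added example (not code from the original post or from OpenSSL): a Python model of the padding check applied to the final decrypted block, the exact and simulated chance that a random block passes it, and a tag over the whole ciphertext as one digest-based integrity check. The 16-byte block size, the function names, the random-block model of a wrong key and the choice of HMAC-SHA256 are assumptions of this example.

```python
import hashlib
import hmac
import random
from fractions import Fraction

BLOCK = 16  # assumed cipher block size in bytes (AES); 8 for DES/3DES

def padding_ok(last_block: bytes) -> bool:
    """Model of the padding check on the final decrypted block:
    the last byte n must be 1..block size and the last n bytes must equal n."""
    n = last_block[-1]
    return 1 <= n <= len(last_block) and last_block[-n:] == bytes([n]) * n

def exact_pass_probability(block_size: int = BLOCK) -> Fraction:
    """Chance a uniformly random block passes: sum of 256**-n for each pad length n."""
    return sum(Fraction(1, 256 ** n) for n in range(1, block_size + 1))

def simulated_pass_rate(trials: int, seed: int = 1) -> float:
    """Wrong key or corrupted input, modelled as a random final block (assumption)."""
    rng = random.Random(seed)
    hits = sum(padding_ok(rng.getrandbits(8 * BLOCK).to_bytes(BLOCK, "big"))
               for _ in range(trials))
    return hits / trials

def seal(mac_key: bytes, ciphertext: bytes) -> bytes:
    """Append an HMAC-SHA256 tag covering every ciphertext block."""
    return ciphertext + hmac.new(mac_key, ciphertext, hashlib.sha256).digest()

def open_sealed(mac_key: bytes, sealed: bytes) -> bytes:
    """Verify the tag before any decryption; raise if any byte was altered."""
    ciphertext, tag = sealed[:-32], sealed[-32:]
    expected = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return ciphertext

if __name__ == "__main__":
    print("exact :", float(exact_pass_probability()))
    print("random:", simulated_pass_rate(200_000))
    key, ct = b"k" * 32, bytes(range(48))      # constructed sample values
    sealed = seal(key, ct)
    tampered = bytes([sealed[0] ^ 1]) + sealed[1:]   # flip a bit in the first block
    try:
        open_sealed(key, tampered)
    except ValueError as exc:
        print("tampered first block:", exc)
```

The tag is checked before decryption, so a change in any block is rejected, including the earlier blocks that the padding check never looks at.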
