Is there an encryption tool that won't return an error?
Linux - SoftwareThis forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Is there an encryption tool that won't return an error?
I could swear that a wrong password on decryption would cause openssl (command line) to just output garbage without any indication of a bad password. I thought that was great for thwarting brute force attacks. But I just tested it and it does return an error. Did they change the tool's behavior or is my memory wrong? More important, is there any encryption tool that will output garbage and give no other hints of a bad password? GPG also returns an error BTW.
I could swear that a wrong password on decryption would cause openssl (command line) to just output garbage without any indication of a bad password. I thought that was great for thwarting brute force attacks. But I just tested it and it does return an error. Did they change the tool's behavior or is my memory wrong? More important, is there any encryption tool that will output garbage and give no other hints of a bad password? GPG also returns an error BTW.
TIA
Interesting question, but it occurs to me that such an encryption tool would be nearly worthless for the most common cases.
Your usage is atypical.
You might want to grab the code for a tool that can encrypt/decrypt and modify it to suppress error detection and error code return.
It would not be nearly worthless. It would seriously make brute force more difficult.
Modifying an existing tool is the worthless option. It would only work as expected for me, who already has the password. An attacker would just use the unmodified tool.
It would not be nearly worthless. It would seriously make brute force more difficult.
Modifying an existing tool is the worthless option. It would only work as expected for me, who already has the password. An attacker would just use the unmodified tool.
Too much effort for a security issue that is created on the user side.
$ openssl aes-256-cbc -a -e -salt -in file.txt -out encryptedfile.txt
Decryption:
Code:
$ openssl aes-256-cbc -a -d -in encryptedfile.txt -out decryptedfile.txt
Code:
$ openssl aes-256-cbc -a -d -in encryptedfile.txt -out decryptedfile.txt
enter aes-256-cbc decryption password:
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
bad decrypt
140049431397632:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:crypto/evp/evp_enc.c:610:
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
