-1

I have an enc/dec process set up for a system where a user edits a file. If the encrypted file has been modified maliciously, I want to be able to handle it and say "oh decryption failed, gonna start with a clean file"... something like that. But I'm not sure how to handle the exception in a way that doesn't stop program execution.

TO reiterate, I am NOT having a problem with decrypting perfectly valid data. I am encountering the Bad Data error with actual bad data, and am simply wondering how to handle it gracefully. When the error occurs the CryptoStream can't close the file, so I can't overwrite it with the plaintext file or use it for any other stuff.

BTW this is .NET code being used in LabView. Can't really paste the code here.

BicMacinaPimpHat
  • 17
  • 3
  • Can you just catch that specific exception and handle it in the catch block? – Bob Horn Jul 05 '12 at 15:15
  • In .NET sure. But LabView's a bit trickier, as it doesn't have the typical error-handling mechanisms in other languages (I know, >language). I am looking into this now though. – BicMacinaPimpHat Jul 05 '12 at 15:24
  • Ah, so this is a LabView question... can't help you there. However, I know someone that's a LabView guy. I'll show him your question. – Bob Horn Jul 05 '12 at 15:26
  • Thanks. I think I might just try reading the error string labview gives me and basically form a "ghetto" catch block (i.e. if an error happened and the source says "invalid length"/"bad data", ditch everything, otherwise execute everything else). – BicMacinaPimpHat Jul 05 '12 at 17:52

1 Answers1

0

The only reliable way to handle malicious modification is to use an encryption scheme that includes authentication, such as AES-GCM, which is getting popular with certain protocols. If the encrypted ciphertext is just padded, you can change the data and with a bit of luck (approximately 1/256) or a few tries, the data still look valid. Not every software does pad/unpad safely either.

You will at least have to post the API's used for anybody to tell you how to handle specific exceptions.

Maarten Bodewes
  • 90,524
  • 13
  • 150
  • 263
  • Actually I do include authentication, kinda. On encryption I compute a SHA512 on the data, and check it against the successfully decrypted data afterwards. If it's been tampered with I alert the user of the program and let them choose to erase the data, but I still decrypt it first... not sure whether this is smart or not. Due to the usage scenario I'm actually not overly concerned about the security, I just want to deter typical employees from trying to mess with the file. If they really want it they're gonna get it, since I have to store the key in the program too... – BicMacinaPimpHat Jul 05 '12 at 19:06
  • It's better than nothing, but we will have to know the entire scheme to know if it is correct or not. If you store it outside the encrypted area you will leak information as you can check plain text strings against the hash, for instance. There is an awfull lot of ways that proprietary schemes can be broken. It's not so much *if* it is broken, it's about how much it is broken. – Maarten Bodewes Jul 05 '12 at 21:25
  • Hash is stored in a separate file with the encrypted data. If someone wants to brute-force Sha-512 be my guest. – BicMacinaPimpHat Jul 06 '12 at 13:08
  • I would not have to. For short messages I would simply guess the plain text and check it against your SHA-512 hash. – Maarten Bodewes Jul 06 '12 at 22:10
  • Lol... unfortunately SHA is non-malleable so good luck guessing an entire text file. It's about 2 KB large, so... 2^16000 different guesses? I can assure you this file is not worth it. – BicMacinaPimpHat Jul 10 '12 at 14:30
  • @BicMacinaPimpHat as long as you understand the risks, fine by me. But if you are such an expert, why can't you solve that simple question you asked here? – Maarten Bodewes Jul 10 '12 at 18:09
  • Well I asked here to see if anyone had their own unique insight to offer. I solved it myself shortly afterward, but what if there's a better way? I dunno. Anyway, no need to get upset and downvote the question bro. – BicMacinaPimpHat Jul 11 '12 at 19:58
  • @BicMacinaPimpHat I'm not downvoting the question because I'm upset (why would I get upset?), I'm downvoting it because it offers to little information and leads to extensive discussion (as we do now), both are outside of StackOverflow's definition of a correct question. – Maarten Bodewes Jul 11 '12 at 20:32
  • Yeah, which is why you only downvoted AFTER I pointed out how absurd the notion of "guessing" a file's content, even a text-based one. – BicMacinaPimpHat Jul 12 '12 at 18:28
  • Yeah, and that's why, besides my answer there are people brimming around to answer your question. You cannot post the code, but you do want to have a question answered that can only be answered when you show us the code or at least the design. Whatever. Over and out for me. – Maarten Bodewes Jul 12 '12 at 20:01