I am using XXTEA in javascript and all is working, but I want to be able to have an error check for the password - so I need to determine if the decryption of arbitrary text was successful or not.

Currently, the only solution I can think of, which is not ideal, is to start the text with a token during encryption, and check if it is there after decryption - but this is not ideal. Is there another way?

Billy Moon
  • I couldn't get this version working at all. I get the error "TypeError: String.fromCharCode is not a function" because fromCharCode() is given 8-bit values instead of the 16-bit values it expects. – David Spector Oct 24 '18 at 01:17

1 Answer

You could use a KBKDF such as HKDF or one of the NIST-defined KBKDFs right after you have performed your PBKDF, such as PBKDF2. Then you could use a specific information field to generate a key to compare with a known, stored key and another information field to generate the key used for encryption. You may want to add some kind of integrity control as well.

This may sound like abracadabra to you, in that case first look up the relevant terms, e.g. on Wikipedia...

Maarten Bodewes
  • Am I right in saying that this requires the encryption method to be modified? I would prefer a solution where already encrypted - possibly elsewhere (but using XXTEA) - messages can be decrypted, and the result verified as successful or not. – Billy Moon Apr 22 '13 at 10:30
  • All this voodoo is new to me - can you confirm what I understand of it... I think that you are suggesting I derive the key for encryption from the supplied password, and a known value, which can then somehow be checked inside future generated keys - so it is possible to verify the key before using it to decrypt the message. – Billy Moon Apr 22 '13 at 10:38
  • Yes, more or less. I would suggest you generate two keys from a single password derived key. Password key derivation is (deliberately) slow. You can use one to check if the password is correct and the other you use to decrypt the data. This is the cryptographically secure way, other schemes may work but are likely less safe to use. – Maarten Bodewes Apr 22 '13 at 12:03
  • Well that sounds like the best option so far, but do you know of any way to verify decryption of arbitrary text that has been encrypted with a regular password, using XXTEA? Is there a feature of incorrectly decrypted data that is always there, and can be differentiated from correctly decrypted data? – Billy Moon Apr 22 '13 at 13:25
  • Not by default, but you should be able to build an authentication tag for XXTEA, e.g. by using the CMAC construct. The CMAC should be over the ciphertext and additional data, not the other way around. This does mean it takes two block encrypts instead of one, unfortunately. – Maarten Bodewes Apr 22 '13 at 18:22
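
The two-key scheme from the answer above, as an added example that is not part of the original thread: PBKDF2 produces a master key, then HKDF with two different info labels yields a stored verifier and a separate 128-bit XXTEA key, so a wrong password is rejected before any decryption is attempted. It uses Node.js's built-in crypto module; the iteration count, label strings and function names are assumptions.

```javascript
const nodeCrypto = require('node:crypto');

// Assumption: tune the iteration count to your own latency budget.
const PBKDF2_ITERATIONS = 200000;

// Slow step: password + salt -> 256-bit master key (run once per attempt).
function masterKey(password, salt) {
  return nodeCrypto.pbkdf2Sync(password, salt, PBKDF2_ITERATIONS, 32, 'sha256');
}

// Fast step: HKDF with a distinct "info" label per purpose, so knowing
// one subkey reveals nothing about the other.
function subkey(master, salt, info, length) {
  return Buffer.from(nodeCrypto.hkdfSync('sha256', master, salt, info, length));
}

function deriveKeys(password, salt) {
  const master = masterKey(password, salt);
  return {
    // Stored next to the ciphertext; only ever compared, never used to encrypt.
    verifier: subkey(master, salt, 'password-check', 32),
    // XXTEA takes a 128-bit key; this value is never stored.
    encKey: subkey(master, salt, 'xxtea-encryption', 16),
  };
}

// Encryption side: a fresh random salt per message; the header
// {salt, verifier} is saved in the clear alongside the ciphertext.
function createHeader(password) {
  const salt = nodeCrypto.randomBytes(16);
  const { verifier, encKey } = deriveKeys(password, salt);
  return { header: { salt, verifier }, encKey };
}

// Decryption side: returns the XXTEA key, or null when the password is
// wrong. The comparison is constant-time.
function unlock(password, header) {
  const { verifier, encKey } = deriveKeys(password, header.salt);
  return nodeCrypto.timingSafeEqual(verifier, header.verifier) ? encKey : null;
}
```

This check only confirms the password; detecting a modified ciphertext still needs the separate integrity control mentioned in the answer and comments.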