##########################################################################################
PHPCRED-18: Partially incorrect blind password doesn't raise an error
##########################################################################################

Issue Type: Bug
-----------------------------------------------------------------------------------------

Issue Information
====================

Priority: Major
Status: Resolved
Resolution: Fixed (2013-12-08 16:10:39)

Project: PHPCredlocker (PHPCRED)
Reported By: btasker
Assigned To: btasker

Components:
    - Crypto
    - Double-Blind Storage

Targeted for fix in version:
    - 1.25

Time Estimate: 0 minutes
Time Logged: 0 minutes
-----------------------------------------------------------------------------------------

Issue Description
==================

When using double-blind, setting a password of _Password12_ and then attempting to decrypt with _Pass_ should result in a decryption error.

However, as the first character is successfully decrypted, the decryption appears to work.

Need to ensure that the entire string has correctly decrypted.
-----------------------------------------------------------------------------------------

Issue Relations
================

    - relates to PHPCRED-11: Double Blind Encryption
-----------------------------------------------------------------------------------------

Activity
==========

-----------------------------------------------------------------------------------------
2013-12-08 16:10:03 btasker
-----------------------------------------------------------------------------------------
Need to think of a good way to resolve this. Could add an additional indicator at the end of the string, but it's not necessarily going to make much difference - if the key has rotated (due to the length) then we might still be checking against a correct character.

A suitable additional step might be to add a checksum to the stored value, so the stored value would become

-- BEGIN QUOTE --
1|..|(base64 pass)|..|(checksum)
-- END QUOTE --
-----------------------------------------------------------------------------------------
2013-12-08 16:10:34 btasker
-----------------------------------------------------------------------------------------
Commit a3559cf implements a checksum operation to verify that the correct pass has been provided.
-----------------------------------------------------------------------------------------
2013-12-08 16:10:39
-----------------------------------------------------------------------------------------
btasker changed status from 'Open' to 'Resolved'
-----------------------------------------------------------------------------------------
2013-12-08 16:10:39
-----------------------------------------------------------------------------------------
btasker added 'Fixed' to resolution
-----------------------------------------------------------------------------------------
2013-12-08 16:34:33
-----------------------------------------------------------------------------------------
btasker added '1.25' to Fix Version
-----------------------------------------------------------------------------------------
2013-12-08 16:34:33
-----------------------------------------------------------------------------------------
btasker removed '1.5' from Fix Version
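
Added example, not PHPCredlocker code and not the contents of commit a3559cf: a PHP sketch showing a leading-marker check accepting _Pass_ for data stored under _Password12_, and a checksum over the whole plaintext rejecting it. Assumptions: repeating-key XOR stands in for the project's cipher, HMAC-SHA256 stands in for the unspecified checksum, and the function names, the two-field `|` layout and the sample secret are constructed for illustration.

```php
<?php
// Added illustration, not PHPCredlocker code. Repeating-key XOR is a stand-in
// cipher (assumption) used only to reproduce the symptom described above.
function xorWithKey(string $data, string $key): string
{
    $klen = strlen($key);
    if ($klen === 0) {
        throw new InvalidArgumentException('empty key');
    }
    $out = '';
    for ($i = 0, $n = strlen($data); $i < $n; $i++) {
        $out .= $data[$i] ^ $key[$i % $klen]; // key repeats every $klen bytes
    }
    return $out;
}

// Flawed check: a leading marker byte is the only proof the pass was right.
function openMarkerOnly(string $stored, string $pass): ?string
{
    $plain = xorWithKey(base64_decode($stored), $pass);
    return ($plain !== '' && $plain[0] === '1') ? substr($plain, 1) : null;
}

// Hardened: store a checksum of the whole plaintext (HMAC-SHA256, an assumption).
function seal(string $secret, string $pass): string
{
    $plain = '1' . $secret;
    return base64_encode(xorWithKey($plain, $pass)) . '|' . hash_hmac('sha256', $plain, $pass);
}

function openWithChecksum(string $stored, string $pass): ?string
{
    $parts = explode('|', $stored, 2);
    if (count($parts) !== 2) {
        return null;
    }
    $plain = xorWithKey(base64_decode($parts[0]), $pass);
    // Constant-time compare; a wrong byte anywhere in $plain changes the MAC.
    $ok = hash_equals($parts[1], hash_hmac('sha256', $plain, $pass));
    return $ok ? substr($plain, 1) : null;
}

$stored = seal('s3cr3t-db-login', 'Password12'); // constructed sample secret
$cipher = explode('|', $stored, 2)[0];           // what a marker-only record would hold
var_dump(openMarkerOnly($cipher, 'Pass') !== null);                       // marker check alone
var_dump(openWithChecksum($stored, 'Pass') !== null);                     // prefix of the real pass
var_dump(openWithChecksum($stored, 'Password12') === 's3cr3t-db-login');  // the real pass
```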