Password-Based-Encryption: Checking the password

Hello.

I am currently working on a little password based file encryption feature for an application I am doing. The following is an incomplete function that I have worked on to encrypt some content and (will eventually) write it to a file.

public static void encrypt(byte [] data, char [] password, File file) throws ...
{ 
    byte[] salt = { (byte)0xA9, (byte)0x9B, (byte)0xC8, (byte)0x32, 
                    (byte)0x56, (byte)0x35, (byte)0xE3, (byte)0x03 };
    int iterationCount = 50;
        
    PBEKeySpec keySpec = new PBEKeySpec(password, salt, iterationCount);
    PBEParameterSpec paramSpec = new PBEParameterSpec(keySpec.getSalt(), keySpec.getIterationCount());
    SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("PBE");
    SecretKey key = keyFactory.generateSecret(keySpec);
    Cipher cipher = Cipher.getInstance(key.getAlgorithm());
    cipher.init( Cipher.ENCRYPT_MODE, key, paramSpec );
    byte [] enc_data = cipher.doFinal(data);
        
}

My problem comes however when the decryption process is used. I would like to be able to check for a correct password before continuing with the decryption process and simply break from the process if an incorrect password is entered.

My guess is that during the file encryption process I will have to write the hashed password into the output file along with the salt and the data and then retrieve this hashed password to compare with user input when decrypting the file.

I would like to know if I am correct in thinking I have to do as above, or perhaps there is already some way of doing this using the standard API functions that I could use instead of reinventing the wheel.

If I am incorrect in my way of thinking on this one please, by all means correct me. Criticism will be taken constructively.

Thank you in advance.

bops

Posting Whiz in Training

214 posts since Aug 2005

Reputation Points: 23

Solved Threads: 5

1 Year Ago

write the hashed password into the output file

That's like putting the house key under the door mat.
If someone decompiles your code, they have your passwords.

NormR1

Posting Expert

Moderator

6,677 posts since Jun 2010

Reputation Points: 1,138

Solved Threads: 656

1 Year Ago

Not really..

Correct me if I am wrong, but isn't a cryptographic hash function (SHA1 etc..) a one-way thing. There is no unhash function that takes a hashed string and outputs the original.

If someone gets the hashed password, they still can't decrypt the file with it.

What would you suggest instead if this is a problem?

bops

Posting Whiz in Training

214 posts since Aug 2005

Reputation Points: 23

Solved Threads: 5

1 Year Ago

Sorry, I'm not familiar with the functions you talk about. I'm only able to use methods in java.

NormR1

Posting Expert

Moderator

6,677 posts since Jun 2010

Reputation Points: 1,138

Solved Threads: 656

1 Year Ago

Not really..

Correct me if I am wrong, but isn't a cryptographic hash function (SHA1 etc..) a one-way thing. There is no unhash function that takes a hashed string and outputs the original.

If someone gets the hashed password, they still can't decrypt the file with it.

What would you suggest instead if this is a problem?

Only they will find hashes which are useless. Yes, hashing is one way and irreversible.
So what is your question as I have not understood it

evstevemd

Senior Poster

3,713 posts since Jun 2007

Reputation Points: 462

Solved Threads: 392

1 Year Ago

My question is less code (Though Java is the language I am using and would like examples or suggestions) and more theory on how files are encrypted using passwords.

Say we have a user that wants to try to decrypt a file. If the password is entered incorrectly the decryption process will attempt to decrypt the file using the user's incorrectly entered password to generate the key, thus producing an unwanted result, of a still scrambled file.

Basically I am asking if anyone knows the theory behind password based file encryption. I want the password to be checked somewhere before decryption to see if it is incorrect/correct and then abort/continue the decryption process as necessary.

I am simply asking if there are any APIs that deal specifically with checking the password before going into the decryption process.

Is it ok to store the hashed password in that encrypted file (Which would be my theory on how to do this) so we can retrieve and compare it before decryption begins. Would this present any significant security risk?

In pseudocode...

// This is what I have now.

password = get password from user;
decrypt(file, password);
// Result with incorrect password produces a still scrambled file.

// This is what I want.

password = get password from user;
secret = get password for encrypted file; // Specifically this line.
if (hashed(password) == secret)
    decrypt(file, password);

// Wrong password means process is aborted, correct password means a successfully decrypted file.

I hope I have been able to clarify this well.

Thank you.

bops

Posting Whiz in Training

214 posts since Aug 2005

Reputation Points: 23

Solved Threads: 5

1 Year Ago

Ooh! I get you now.
I would do something like
1. User enters Password
2. I hash the Password and compare to password hash stored as user password
3. If hash matches I use the key to decrypt, else I keep asking Username and present vague error like (smoething went wrong, may be user name or password is wrong)

As of risk, I would store user names vs password hashes in something like MySQL database or SQLite3 database. In case of SQLite3, I would password db file in such a way that only the application can access it. So each time user enters his credentials, SQlite3 db get decrypted and queried.

evstevemd

Senior Poster

3,713 posts since Jun 2007

Reputation Points: 462

Solved Threads: 392

This article has been dead for over three months

You