Archived Forum Post

Index of archived forum posts

Question:

Decryption using PBEWithMD5AndDES

Dec 26 '12 at 21:45

The Java side of our project performs the encryption using essentially a set of bytes which could be called the "salt". The 42 salt bytes are put directly into the program as the "master password", rather than passing in a text password and some salt bytes which would be concatenated together in your class in some fashion to comprise the "master password." Would your C++ CkCrypt2 class be able to handle this for the decryption, and if so, how? Is it legal to assign no password with put_PbesPassword and just put in the 42 bytes into SetEncodedSalt? Also, is it legal to pass a 42 byte salt in the first place?


Answer

See this example: http://www.example-code.com/vcpp/crypt2_PBEWithMD5AndDES.asp


Answer

I did see that code, but that code prompted my questions above. The example has a PBES password of "secret", and salt bytes of "C773218C7EC8EE99". Our use case would be that we have no password, but a long set of salt bytes. I wasn't sure if not specifying a password was a valid condition, whether passing a long set of salt bytes was a valid condition, and whether it would generate the desired result.


Answer

I think the answer is no. PBES1 is defined here: http://tools.ietf.org/html/rfc2898#section-6.1.2

According to the definition of the algorithm, the salt must be 8 bytes.