glv2 / bruteforce-salted-openssl

Try to find the password of a file that was encrypted with the 'openssl' command.

Solves false positive case where decryption fails but password candidate is accepted #26

Closed HFTrader closed 1 year ago

HFTrader commented 1 year ago

An edge case happens when false positive passwords are accepted as candidates erroneously.

Password candidate is accepted as a solution because the code is ignoring the result of the first EVP_DecryptUpdate.

The fix is to check the result of both calls and fail if any result is a failure.

Binary is also made to return 0 as success (in case one password was found) and 1 if no password was found. This is to help shell scripts calling this binary to identify when a solution was found.

glv2 commented 1 year ago

Patch pushed as 23e3a72b1bea071995fa8de604d41b0468e5e00f with a few modifications, so that the program returns 0 if a password was found, 1 if there was an error, and 2 if there were no errors but no password was found. Thanks.
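
How a calling script can act on the exit statuses described in the reply above (0 found, 1 error, 2 nothing found), as an added example that is not code from the project or from either commenter. The stage and stub function names are hypothetical, and each stage is assumed to wrap one invocation of the binary.

```shell
#!/bin/sh
# Added example. Exit-status contract taken from the maintainer's reply:
#   0 = password found, 1 = error, 2 = no error but no password found.

# Map an exit status to an outcome name.
classify_status() {
    case "$1" in
        0) echo found ;;
        1) echo error ;;
        2) echo not_found ;;
        *) echo unexpected ;;  # 126/127 (cannot run), 128+N (killed by signal), ...
    esac
}

# run_stages STAGE...
# Each STAGE is the name of a command or shell function (hypothetical names,
# supplied by the caller) that wraps one invocation of the binary.
# Prints "<outcome> <stage>" and returns 0 as soon as a stage finds a password,
# 1 as soon as a stage fails, 2 when every stage ran cleanly and found nothing.
run_stages() {
    for stage in "$@"; do
        status=0
        # "|| status=$?" keeps a non-zero status from aborting under `set -e`,
        # where a plain call returning 2 ("not found") would end the script.
        "$stage" || status=$?
        outcome=$(classify_status "$status")
        case "$outcome" in
            found)     echo "found $stage"; return 0 ;;
            not_found) continue ;;
            *)         echo "$outcome $stage"; return 1 ;;
        esac
    done
    echo "not_found all"
    return 2
}

# Constructed stand-ins for real invocations, one per exit status.
stub_found()     { return 0; }
stub_error()     { return 1; }
stub_not_found() { return 2; }
stub_missing()   { return 127; }
```

Treating status 1 as a hard stop matters because an error means the search did not actually cover its candidates, so it must not be recorded as "no password found".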