Incorrect decrypted content

Discussion related to AES Crypt, the file encryption software for Windows, Linux, Mac, and Java.
dsy
Posts: 3
Joined: Thu Jan 28, 2021 2:53 am

Incorrect decrypted content

Post by dsy »

Hi,
I have a file encrypted with AES Crypt. I enter a password to decrypt the file with AES Crypt and I get no error (code 0).
But the content of the result file is incorrect, seems random data. The entropy of the result file is 7.9 with Sysinternals sigcheck.

I think the version of AES Crypt is 3.0.9 because of encrypted file header.

I use the Windows console version 3.0.9 to decrypt the file: aescrypt.exe -d -o decrypted.bin encrypted.aes
The file to recover is an ExDupe archive: http://www.quicklz.com/exdupe/
I tried with 2 files from 2 HDD, same behavior. I don't understand why the decrypted content is incorrect.

I'm not 100% sure of the password. Is password checking reliable in AES Crypt?
Maybe the encrypted file is corrupted. Is there any CRC check implemented in AES Crypt?

Thank you.
paulej
Posts: 595
Joined: Sun Aug 23, 2009 7:32 pm
Location: Research Triangle Park, NC, USA

Re: Incorrect decrypted content

Post by paulej »

That should definitely not happen. If the wrong password is entered, AES Crypt should fail to decrypt. There is, indeed, a CRC-type feature in AES Crypt. Specifically, it's an HMAC-SHA-256. If the wrong password was given, the HMAC check should fail right at the start of the file, even before the balance of the file is decrypted. There are actually two: the first one protects the encryption key used to encrypt the file and the second is used to protect the contents.

I worry that perhaps you did not get the AES Crypt software from aescrypt.com, because there is no way a wrong password would result in the file decrypting without error. I usually spend my time helping people figure out why they get errors. I think you might be the first person to tell me they got no error. :)

This is definitely not expected.

Did you try using different passwords just to see if both allow it to move forward without complaint? Are the resulting "decrypted" files the same or different? That would definitely provide a clue as to what's wrong.

If you have an example you can send me, I'd be happy to take a look at it.
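
The first of the two HMAC checks described in the reply above can be reproduced with the Python standard library alone. This is an added example, not part of the original posts and not AES Crypt's own code; the header layout, the 8192-round SHA-256 key stretching and the field sizes are assumptions taken from the published version 2 stream format, and `make_sample` builds a constructed header rather than a real encrypted file.

```python
import hashlib
import hmac
import struct

ROUNDS = 8192  # assumed iteration count of the version 2 key stretching

def derive_key(password, iv1):
    """Stretch the password: repeated SHA-256 over digest || UTF-16LE password."""
    digest = iv1 + b"\x00" * 16
    pw = password.encode("utf-16-le")
    for _ in range(ROUNDS):
        digest = hashlib.sha256(digest + pw).digest()
    return digest

def parse_header(blob):
    """Return (extensions, iv1, wrapped_iv_and_key, hmac1) from a v2 stream."""
    if len(blob) < 5 or blob[:3] != b"AES" or blob[3] != 2:
        raise ValueError("not a version 2 AES Crypt stream")
    pos, exts = 5, []
    while True:
        if pos + 2 > len(blob):
            raise ValueError("truncated extension list")
        (n,) = struct.unpack(">H", blob[pos:pos + 2])
        pos += 2
        if n == 0:  # a zero-length extension ends the list
            break
        exts.append(blob[pos:pos + n])
        pos += n
    fixed = blob[pos:pos + 96]  # 16-byte IV, 48-byte wrapped IV+key, 32-byte HMAC
    if len(fixed) != 96:
        raise ValueError("truncated header")
    return exts, fixed[:16], fixed[16:64], fixed[64:]

def password_matches(blob, password):
    """True if the first HMAC verifies, i.e. the password unwraps the file key."""
    _, iv1, wrapped, tag = parse_header(blob)
    calc = hmac.new(derive_key(password, iv1), wrapped, hashlib.sha256).digest()
    return hmac.compare_digest(calc, tag)

def make_sample(password):
    """Constructed header; 'wrapped' is filler bytes, not a real AES-encrypted key."""
    iv1, wrapped = bytes(range(16)), bytes(range(100, 148))
    ext = b"CREATED_BY\x00constructed-sample 0.0"
    tag = hmac.new(derive_key(password, iv1), wrapped, hashlib.sha256).digest()
    return (b"AES\x02\x00" + struct.pack(">H", len(ext)) + ext + b"\x00\x00"
            + iv1 + wrapped + tag)

if __name__ == "__main__":
    s = make_sample("example-passphrase")
    print(password_matches(s, "example-passphrase"), password_matches(s, "Example-passphrase"))
```

This check covers only the wrapped key at the start of the file; the second HMAC over the ciphertext is the one that detects corruption of the contents.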
dsy
Posts: 3
Joined: Thu Jan 28, 2021 2:53 am

Re: Incorrect decrypted content

Post by dsy »

Hi Paul,

Thank you for your help.
> That should definitely not happen. If the wrong password is entered, AES Crypt should fail to decrypt. There is, indeed, a CRC-type feature in AES Crypt. Specifically, it's an HMAC-SHA-256. If the wrong password was given, the HMAC check should fail right at the start of the file, even before the balance of the file is decrypted. There are actually two: the first one protects the encryption key used to encrypt the file and the second is used to protect the contents.

Fine, I'm now pretty sure that the password is correct and the encrypted files are not corrupted.

> I worry that perhaps you did not get the AES Crypt software from aescrypt.com, because there is no way a wrong password would result in the file decrypting without error. I usually spend my time helping people figure out why they get errors. I think you might be the first person to tell me they got no error. :)
> This is definitely not expected.

OK, good idea. I binary compared the executable I use with the one downloaded from your site today and I get the same content. The executable comes from AESCrypt_console_v309_win32.zip
I just expected to use the 64 bit version.

> Did you try using different passwords just to see if both allow it to move forward without complaint? Are the resulting "decrypted" files the same or different? That would definitely provide a clue as to what's wrong.

Yes, I created a little Python script with pyAesCrypt to check several variants of the password.
And only the expected password is working. I don't get a resulting file with other passwords.

> If you have an example you can send me, I'd be happy to take a look at it.

OK, thank you, I'm preparing an email with some samples and more details.
My email is encrypted (Office 365) but you don't need an account to read it.
In the meantime, I have got another idea: maybe the file to encrypt is the wrong one. I will give you more details in my email.

Regards
Youri.
dsy
Posts: 3
Joined: Thu Jan 28, 2021 2:53 am

Re: Incorrect decrypted content

Post by dsy »

Hi,

I would like to thank Paul for his help and patience.
We spent time analysing the possible causes. I think the bug was definitively in my encryption script, not in AES Crypt.

Regards.