#6 Undecryptable bfe file with a certain specific password

[Russ Williams]

As per unanswered email in the mailing list:
https://sourceforge.net/mailarchive/forum.php?thread_name=20100115173901.lrgsvc89es8c0skc%40brainsurgery.net&forum_name=bcrypt-users

I also see this bug, on Linux. Encrypting with the specific password Sfjhm7SgcmMSTVQWd152c87heOWEZvPL produces a bfe file (and erases the original source file), but decrypting the bfe file fails (with error "Invalid encryption key for file")!

Trying to encrypt and decrypt with a slight variation of the password, e.g. Sfjhm7SgcmMSTVQWd152c87heOWEZvPLa (appending 'a' to the end) works fine.

So for some reason some small subset of passwords (at least one) create an un-decryptable file, with no obvious reason why, so one can't simply easily avoid that class of passwords. Very dangerous...!

[Mark Kramble]

A shorter password that exhibits this bug is "fredbloggs".

This bug is due to one or more trailing 0's in the 56 byte key generated from the password which will occur for one in 256 passwords.

To fix this bug, the size adjustment code circa line 106 of wrapbf.c needs to be modified to take account of trailing zeros in the key. The file will then decrypt successfully.

PS Oops, and this has already been mentioned by the original author in the link above (I should really do my research a bit better before posting). I'll give that mod a try rather than my own quick hack.