0

I've been trying to figure this out. Backstory: Someone gave me an encrypted file. He told me the Key, the MD5 Hash, the padding, and the mode. He encrypted it in Java using a "DESede" SecretKeySpec instance. I'm trying to decrypt the file in C#.

The FBArr is the 24-byte key. P1 = file.readallbytes(path)

        string plaintext = "";
        using (TripleDESCryptoServiceProvider tdes = new TripleDESCryptoServiceProvider())
        {
            tdes.Mode = CipherMode.ECB;
            tdes.Padding = PaddingMode.PKCS7;
            MD5CryptoServiceProvider MD5b = new MD5CryptoServiceProvider();

            ICryptoTransform decryptor = tdes.CreateDecryptor(FBArr, FBArr);
            using (MemoryStream ms = new MemoryStream(p1))
            {
                using (CryptoStream cs = new CryptoStream(ms, decryptor, CryptoStreamMode.Read))
                {
                    using (StreamReader reader = new StreamReader(cs))
                        plaintext = reader.ReadToEnd();
                }
            }
        }

As you can see from the code, the MD5b variable doesn't do anything. Also, the IV is just set exactly to the Key. Even with these irrelevancies, I'm able to decrypt half my file. I need to decrypt the rest of the file.

My question is: How are the MD5 hash and IV used to aide in the decryption?

I think the fact that I'm not using my MD5 Hash is the reason why my key isn't fully decrypting the whole file. I completely understand that MD5 and TripleDES is not secure anymore and I shouldn't use this method in the future. I didn't make that call. I just need to resolve this using the encryption that was given to me.

Nicholas Pisca
  • 150
  • 1
  • 10
  • 1
    The md5 hash is just to verify that you've decrypted the message correctly. It's not part of encryption or decryption itself – Erwin Bolwidt Jul 02 '19 at 03:22
  • Also, ECB mode doesn't use an IV. – Erwin Bolwidt Jul 02 '19 at 03:34
  • 1
    But you haven't posted a reproducible example, and it's not clear what you mean with "I'm able to decrypt half my file". I doubt that this question can be answered unless you provide a [mcve]. – Erwin Bolwidt Jul 02 '19 at 03:34
  • @ErwinBolwidt, thanks for the comments. My code doesn't trigger any bugs, but the decyphering is half ok, half jumbled mess of characters. I should have added that I knew ECB doesn't require an IV, I was just asking its purpose. My code should be reproduceable. I can't give you the key (confidential). The code runs on my machine. – Nicholas Pisca Jul 02 '19 at 04:54
  • How do you know that the plaintext is incorrect? Have you computed and compared the MD5 sum? If you don't get an error related to the padding, the plaintext you see is correct as far as the crypto is concerned, whether you believe it or not. If it doesn't make sense to you either the sender made a mistake and encrypted garbage, or the ciphertext has been modified. That's trivial to do with ECB mode for every block except the last one or two (which contain the padding), and you can't detect it either. – Peter Jul 02 '19 at 11:31
  • When you say it’s “half” right, is the output between 9 and 16 bytes? – bartonjs Jul 02 '19 at 16:32
  • It's half correct, because the first few dozen characters are readable. then it turns into garbled mess. Then the last few dozen characters are readable again. The output is somewhere around 500 characters. – Nicholas Pisca Jul 02 '19 at 18:22
  • See also the apparently [related question](https://stackoverflow.com/q/56712755/238704) – President James K. Polk Jul 02 '19 at 19:36

0 Answers0