http://blogs.msdn.com/b/openspecification/archive/2009/05/08/dominic-salemno.aspxRC4 CryptoAPI Encryption Password Verification -=- Dominic Salemno -=- Information security is important in this day and age. The most important core asset of any particular company is their information. Hence, the essential need for cryptographyen-USTelligent Evolution Platform Developer Build (Build: 5.6.50428.7875)http://blogs.msdn.com/b/openspecification/archive/2009/05/08/dominic-salemno.aspx#10370366Tue, 20 Nov 2012 21:46:33 GMT91d46819-8472-40ad-a661-2c78acb4018c:10370366FSS2012<p>I am using VB Express 2010 .NET 4.0 client profile and trying to build an office password verifier routine. &nbsp;Using your test data above I have successfully gotten your output for Steps 1, 2, and 4. I am stumped on Step 3 as I cannot get the expected output from the RC4 operation on the EncryptedVerifierHash utilizing the same derived encryption key. &nbsp;Here is the output I am getting from each of the steps:</p> <p>Step 1a (H ought): 99-1A-E8-18-8C-B3-9B-43-AC-AA-BA-8B-19-2C-6D-30-44-97-38-53</p> <p>Step 1b (H Final): D7-BE-C9-31-88-E3-39-D7-7E-1B-99-1E-DF-47-C9-8C-8D-6A-99-40</p> <p>Step 1c (Derived Key): D7-BE-C9-31-88-00-00-00-00-00-00-00-00-00-00-00</p> <p>Step 2 (Decrypted Verifier): 44-65-87-98-44-00-00-10-11-41-65-AA-A8-BA-DC-ED</p> <p>**Step 3 (Decrypted Verifier Hash): 59-48-2F-90-B0-F0-20-8E-ED-60-10-DD-5C-7A-F7-3E-D7-3B-1D-B2</p> <p>&#39;Step 4 (Hashed Decrypted Verifier): 97-17-92-03-C1-89-6A-33-C2-C1-E8-02-A6-76-6F-8B-24-E4-B0-7C</p> <p>For Step 3: &nbsp;I have set the array below for the Encrypted Verifier Hash</p> <p>Dim testencryptedVerifierHashValue As Byte() = {&amp;HB6, &amp;H35, &amp;H94, &amp;H44, &amp;H7F, &amp;HAE, &amp;H7D, &amp;H49, &amp;H45, &amp;HD2, &amp;HDA, &amp;HFD, &amp;H11, &amp;H3F, &amp;HD8, &amp;HC9, &amp;HF6, &amp;H19, &amp;H1B, &amp;HF5}</p> <p>And I pass it, along with the Derived Key (Step 1c) to the RC4 routine.</p> <p> &nbsp; &nbsp; &nbsp; &nbsp;Dim testDecryptedVerifierHash() As Byte = RC4EnDeCrypt(testencryptedVerifierHashValue, testDerivedKey)</p> <p>I would expect the output of this to be 97-17... but I get 59-48... What am I missing? &nbsp;</p> <p>Thank you for your insight and assistance.</p> <div style="clear:both;"></div><img src="http://blogs.msdn.com/aggbug.aspx?PostID=10370366" width="1" height="1">http://blogs.msdn.com/b/openspecification/archive/2009/05/08/dominic-salemno.aspx#10259664Mon, 23 Jan 2012 16:21:11 GMT91d46819-8472-40ad-a661-2c78acb4018c:10259664Norman<p>Quick question how do I get to EcrptionVerifier.Salt if the password I have needs to use the Salt to decrypt the CryptSession10Container.data in which the Salt is located? &nbsp;Isn&#39;t this chicken and egg scenario? &nbsp;Per <a rel="nofollow" target="_new" href="http://msdn.microsoft.com/en-us/library/dd951371(v=office.12).aspx">msdn.microsoft.com/.../dd951371(v=office.12).aspx</a> : The data field of this CryptSession10Container record MUST be encrypted as specified in [MS-OFFCRYPTO] section 2.3.5.1.</p> <p>Please help. &nbsp;I am trying to figure out how to decrypt a Powerpoint Binary File with given password.</p> <p>Thank you in advance.</p> <div style="clear:both;"></div><img src="http://blogs.msdn.com/aggbug.aspx?PostID=10259664" width="1" height="1">http://blogs.msdn.com/b/openspecification/archive/2009/05/08/dominic-salemno.aspx#9597972Sat, 09 May 2009 01:37:13 GMT91d46819-8472-40ad-a661-2c78acb4018c:9597972RC4 CryptoAPI Encryption Password Verification | ASP NET Hosting<p>PingBack from <a rel="nofollow" target="_new" href="http://asp-net-hosting.simplynetdev.com/rc4-cryptoapi-encryption-password-verification/">http://asp-net-hosting.simplynetdev.com/rc4-cryptoapi-encryption-password-verification/</a></p> <img src="http://blogs.msdn.com/aggbug.aspx?PostID=9597972" width="1" height="1">