2.3.6.4 Password Verification

The password verification process is specified by the following steps:

  1. Generate an encryption key as specified in section 2.3.6.2, using a block number of 0x00000000.

  2. Decrypt the EncryptedVerifier field of the RC4 Encryption Header structure to obtain the Verifier value. The resulting Verifier value MUST be an array of 16 bytes.

  3. Decrypt the EncryptedVerifierHash field of the RC4 Encryption Header structure to obtain the hash of the Verifier value. The number of bytes used by the encrypted Verifier hash MUST be 16.

  4. Calculate the MD5 hash value of the results of step 2.

  5. Compare the results of step 3 and step 4. If the two hash values do not match, the password is incorrect.

The RC4 decryption stream (1) MUST NOT be reset between decrypting EncryptedVerifier and EncryptedVerifierHash.
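The five steps above and the no-reset rule, as an added Python example that is not part of the specification text. `derive_key` is an assumption standing in for section 2.3.6.2, which is not reproduced here; the `RC4` class, the `reset_stream` switch, `make_header` and all sample values are constructed for illustration.

```python
import hashlib
import hmac
import struct

class RC4:
    # Minimal RC4 that keeps its state across calls (one continuous keystream).
    def __init__(self, key: bytes):
        s, j = list(range(256)), 0
        for i in range(256):  # key scheduling
            j = (j + s[i] + key[i % len(key)]) & 0xFF
            s[i], s[j] = s[j], s[i]
        self.s, self.i, self.j = s, 0, 0

    def crypt(self, data: bytes) -> bytes:  # RC4 encrypt == decrypt
        s, out = self.s, bytearray()
        for b in data:
            self.i = (self.i + 1) & 0xFF
            self.j = (self.j + s[self.i]) & 0xFF
            s[self.i], s[self.j] = s[self.j], s[self.i]
            out.append(b ^ s[(s[self.i] + s[self.j]) & 0xFF])
        return bytes(out)

def derive_key(password: str, salt: bytes, block: int = 0) -> bytes:
    # Assumption: key derivation of section 2.3.6.2, which this page does not reproduce.
    h0 = hashlib.md5(password.encode("utf-16-le")).digest()
    h1 = hashlib.md5((h0[:5] + salt) * 16).digest()
    return hashlib.md5(h1[:5] + struct.pack("<I", block)).digest()

def verify_password(password, salt, enc_verifier, enc_hash, reset_stream=False):
    if len(enc_verifier) != 16 or len(enc_hash) != 16:
        raise ValueError("both encrypted fields must be 16 bytes")
    key = derive_key(password, salt, 0x00000000)        # step 1
    rc4 = RC4(key)
    verifier = rc4.crypt(enc_verifier)                  # step 2
    if reset_stream:                                    # deliberate mistake, for contrast
        rc4 = RC4(key)
    stored_hash = rc4.crypt(enc_hash)                   # step 3, same keystream
    computed = hashlib.md5(verifier).digest()           # step 4
    return hmac.compare_digest(stored_hash, computed)   # step 5

def make_header(password, salt, verifier):
    # Constructed sample: produce both fields with one uninterrupted RC4 stream.
    rc4 = RC4(derive_key(password, salt, 0))
    return rc4.crypt(verifier), rc4.crypt(hashlib.md5(verifier).digest())

SALT = bytes(range(16))            # constructed sample values
VERIFIER = bytes(range(16, 32))
ENC_V, ENC_H = make_header("correct horse", SALT, VERIFIER)
```

With `reset_stream=True` the correct password is rejected, because EncryptedVerifierHash is then decrypted with keystream bytes 0 to 15 instead of bytes 16 to 31.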