2.3.4.9 Password Verification (Standard Encryption)

Passwords MUST be verified by using the following steps:

  1. Generate an encryption key as specified in section 2.3.4.7.

  2. Using the key from step 1, decrypt the EncryptedVerifier field of the EncryptionVerifier structure (specified in section 2.3.3 and generated as specified in section 2.3.4.8) to obtain the Verifier value. The resulting Verifier value MUST be an array of 16 bytes.

  3. Using the same key, decrypt the EncryptedVerifierHash field of the EncryptionVerifier structure to obtain the hash of the Verifier value. The encrypted Verifier hash MUST be 32 bytes long. The number of bytes used by the decrypted Verifier hash is given by the VerifierHashSize field, which MUST be 20; only these leading bytes of the decrypted buffer carry the hash, and the remaining bytes are padding that is not compared.

  4. Calculate the SHA-1 hash value of the Verifier value calculated in step 2.

  5. Compare the results of step 3 and step 4. If the two hash values do not match, the password is incorrect.
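The five steps above carried through end to end in Go. This is an added example, not code from the specification or from Microsoft's implementation. It assumes AES-128 in ECB mode with no padding, SHA-1 and a spin count of 50,000 for the key derivation of section 2.3.4.7, a 16-byte salt, and zero padding of the 20-byte hash to 32 bytes on the generation side (section 2.3.4.8, supplied here by the makeVerifier helper so that the round trip runs offline). The salt and Verifier bytes are constructed, and the function names are this example's own.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
	"unicode/utf16"
)

// Assumed EncryptionHeader parameters (not read from a real file here).
const (
	keyLen    = 16    // AES-128 key size in bytes
	spinCount = 50000 // iteration count used by section 2.3.4.7
	hashSize  = 20    // VerifierHashSize: SHA-1 output length, MUST be 20
)

// utf16LE encodes the password as UTF-16LE with no BOM and no terminator.
func utf16LE(s string) []byte {
	u := utf16.Encode([]rune(s))
	b := make([]byte, 2*len(u))
	for i, c := range u {
		binary.LittleEndian.PutUint16(b[2*i:], c)
	}
	return b
}

// deriveKey is the section 2.3.4.7 derivation as this example reads it:
// H0 = SHA1(salt || password), Hn = SHA1(LE32(n) || Hn-1) for spinCount rounds,
// Hfinal = SHA1(Hn || LE32(0)), key = SHA1(0x36-pad XOR Hfinal)[:keyLen].
// (AES-192/256 would also need the 0x5C-pad hash appended; omitted here.)
func deriveKey(password string, salt []byte) []byte {
	h := sha1.Sum(append(append([]byte{}, salt...), utf16LE(password)...))
	cur, ctr := h[:], make([]byte, 4)
	for i := 0; i < spinCount; i++ {
		binary.LittleEndian.PutUint32(ctr, uint32(i))
		s := sha1.Sum(append(append([]byte{}, ctr...), cur...))
		cur = s[:]
	}
	binary.LittleEndian.PutUint32(ctr, 0) // block number 0 for the verifier key
	hf := sha1.Sum(append(append([]byte{}, cur...), ctr...))
	buf := bytes.Repeat([]byte{0x36}, 64)
	for i := range hf {
		buf[i] ^= hf[i]
	}
	x1 := sha1.Sum(buf)
	return x1[:keyLen]
}

// ecb applies a raw AES block operation (block.Encrypt or block.Decrypt) to
// each 16-byte block; the verifier fields are block-aligned and unpadded.
func ecb(op func(dst, src []byte), in []byte) []byte {
	out := make([]byte, len(in))
	for i := 0; i < len(in); i += aes.BlockSize {
		op(out[i:], in[i:])
	}
	return out
}

// makeVerifier is the section 2.3.4.8 generation side, included only so the
// round trip can be shown offline; verifier must be 16 bytes. Padding the
// 20-byte hash to 32 bytes with zeros is an assumption; those bytes are never compared.
func makeVerifier(password string, salt, verifier []byte) (encVerifier, encVerifierHash []byte, err error) {
	block, err := aes.NewCipher(deriveKey(password, salt))
	if err != nil {
		return nil, nil, err
	}
	vh := sha1.Sum(verifier)
	padded := append(vh[:], make([]byte, 32-hashSize)...)
	return ecb(block.Encrypt, verifier), ecb(block.Encrypt, padded), nil
}

// verifyPassword performs steps 1 to 5 of section 2.3.4.9 and returns true
// only when SHA1(Verifier) equals the first 20 bytes of the decrypted hash.
func verifyPassword(password string, salt, encVerifier, encVerifierHash []byte) (bool, error) {
	if len(encVerifier) != 16 || len(encVerifierHash) != 32 {
		return false, fmt.Errorf("EncryptedVerifier MUST be 16 bytes and EncryptedVerifierHash 32, got %d and %d", len(encVerifier), len(encVerifierHash))
	}
	block, err := aes.NewCipher(deriveKey(password, salt)) // step 1
	if err != nil {
		return false, err
	}
	verifier := ecb(block.Decrypt, encVerifier)                  // step 2: 16-byte Verifier
	storedHash := ecb(block.Decrypt, encVerifierHash)[:hashSize] // step 3: keep VerifierHashSize bytes
	computed := sha1.Sum(verifier)                               // step 4
	// step 5: constant-time equality is this example's choice, not a spec requirement
	return subtle.ConstantTimeCompare(storedHash, computed[:]) == 1, nil
}

func main() {
	salt, verifier := []byte("0123456789abcdef"), []byte("fedcba9876543210") // constructed
	ev, evh, _ := makeVerifier("Password1", salt, verifier)
	for _, pw := range []string{"Password1", "password1"} {
		ok, err := verifyPassword(pw, salt, ev, evh)
		fmt.Printf("%q accepted=%v err=%v\n", pw, ok, err)
	}
}
```

Two points worth noting from running it: a wrong password fails at step 5 rather than at decryption, because AES in ECB mode without padding decrypts any 16-byte block without error, and only the first VerifierHashSize bytes of the decrypted EncryptedVerifierHash take part in the comparison. The verifier also gives anyone holding the file an offline test for candidate passwords at the cost of one key derivation each, so the strength of the password is the only protection this check provides.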