2.3.5.6 Password Verification

The password verification process is specified by the following steps:

  1. Generate an encryption key as specified in section 2.3.3, using a block number of 0x00000000.

  2. Decrypt the EncryptedVerifier field of the EncryptionVerifier structure to obtain the Verifier value. The resulting Verifier value MUST be an array of 16 bytes.

  3. Decrypt the EncryptedVerifierHash field of the EncryptionVerifier structure to obtain the hash of the Verifier value. The number of bytes used by the encrypted Verifier hash MUST be 20.

  4. Calculate the SHA-1 hash value of the Verifier value calculated in step 2.

  5. Compare the results of step 3 and step 4. If the two hash values do not match, the password is incorrect.

The RC4 decryption stream (1) MUST NOT be reset between the two decryption operations specified in steps 2 and 3.
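The five steps above, written out as an added example (not code from the specification). It takes the step 1 key as an input because the key derivation is defined in another section. The names `RC4`, `verify_password`, `verify_with_reset` and `make_sample` are hypothetical, and the sample data is constructed.

```python
import hashlib
import hmac


class RC4:
    """Stateful RC4 so the keystream position carries over between calls."""

    def __init__(self, key: bytes):
        self.s = list(range(256))
        j = 0
        for i in range(256):
            j = (j + self.s[i] + key[i % len(key)]) & 0xFF
            self.s[i], self.s[j] = self.s[j], self.s[i]
        self.i = self.j = 0

    def crypt(self, data: bytes) -> bytes:
        out = bytearray()
        s = self.s
        for b in data:
            self.i = (self.i + 1) & 0xFF
            self.j = (self.j + s[self.i]) & 0xFF
            s[self.i], s[self.j] = s[self.j], s[self.i]
            out.append(b ^ s[(s[self.i] + s[self.j]) & 0xFF])
        return bytes(out)


def verify_password(key: bytes, enc_verifier: bytes, enc_hash: bytes) -> bool:
    # key: output of step 1 (block number 0x00000000), derived elsewhere.
    if len(enc_verifier) != 16 or len(enc_hash) != 20:
        raise ValueError("EncryptedVerifier must be 16 bytes, hash 20 bytes")
    rc4 = RC4(key)                       # one stream for both fields
    verifier = rc4.crypt(enc_verifier)   # step 2
    stored_hash = rc4.crypt(enc_hash)    # step 3, stream NOT reset
    computed = hashlib.sha1(verifier).digest()          # step 4
    return hmac.compare_digest(stored_hash, computed)   # step 5


def verify_with_reset(key: bytes, enc_verifier: bytes, enc_hash: bytes) -> bool:
    # Incorrect variant: re-keys RC4 before step 3, so the hash decrypts wrong.
    verifier = RC4(key).crypt(enc_verifier)
    stored_hash = RC4(key).crypt(enc_hash)
    return hmac.compare_digest(stored_hash, hashlib.sha1(verifier).digest())


def make_sample(key: bytes, verifier: bytes):
    # Constructed test data: encrypt the verifier, then its SHA-1, on one stream.
    rc4 = RC4(key)
    return rc4.crypt(verifier), rc4.crypt(hashlib.sha1(verifier).digest())
```

An implementation that resets the stream between steps 2 and 3, as `verify_with_reset` does, rejects the correct password.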