New: Audacious (June 1, 2023), Platform 25.0 (Apr 07, 2023)
New Apr 14: macOS Portable Drive Support
450+ real apps (49GB), 1.1 billion downloads, Please donate.
Hello!
I have encrypted a folder on my USB drive. I tried to decrypt it, but I typed the password differently. As soon as I realised it, stopped the action, but it "decrypted" 4 pictures already. I retyped the pw. in the correct way, and tried to decrypt again. It only dc-ed only the last 3 files which remained and the others not anymore. Please help me! I really need those files 
Thank You Very Much
don't do anything, I'll post some things to try later on today. Also what type of encryption were you using?
before you do anything, take a copy of the files that are still encrypted and work on the copy.
If I have this right you should be able to encrypt the files with the wrong password that you used and the decrypt them with the correct password and you should have your files back.
Steve,
Just thought I'd point out you can edit your own post. You don't need to "reply" to yourself, and, as a moderator, you can edit your own post even if someone has already replied.
Tim
cool!
I reckon lots o people want that! 
but then it doesn't show up as a new post in tracker.
Bumper 
I thought that the bug where it would incorrectly decrypt (and destroy) a file when you enter the wrong password was fixed in the current release.
wasn't aware that something was supposed to change. At the moment Toucan encrypts the file and append an extension. As it's being decrypted the file extension is removed. Are you saying that you would like it to decrypt to a separate file, leaving the encryped file intact? As for storing passwords to check them agains files, there is no way that I would be happy storing them to file, although I guess they could be hashed first.
I don't mean storing them. I mean that the decryption should simply fail if the password is wrong. Having a tool destroy files if a user types a password in wrong is about as far from user friendly as possible. Or am I misunderstanding the issue?
Toucan is a custom built portable app for advanced users to synchronise, backup and encrypt their data, wherever they are.
so they should understand the risks
see what you are saying, but how should Toucan 'know' if you are using the wrong password? Also looking at the ccrypt page, this is simply the way that it works, there is no way to stop it overwriting the file on decryption, which it why it asks for the password twice, as does Toucan.
But doesn't the tool itself fail if it tries to decrypt a file with an incorrect password?
If it works the way I think it does, there is no failure.. it simply passes the file through the algorithm using the specified key (password). It has no way of knowing what comes out the other end is garbage because the wrong key was used, just like it has no way of knowing if it's good if the right key is used.
To get around this you would have to include a hash or something of that sort and do a comparison after decryption. This would mean you'd also have to decrypt to separate files..
if there was a way for it to do that then a tool could easily be written to do the same thing and crack the password. Looking at the site I think that the data is lost as ccrypt uses a random initialisation vector, so short of recreating those exact conditions re-encryption to get the files back would be difficult, however I might write a little program to brute force that vector, so there is still a chance, give me a couple of days and I'll see what I can do.
I am far from a security expert, but couldn't you do the following:
Then on decryption side..
Looks like it has a "Self Destruct Mechanism" built in.
You have one try to decrypt, if you're wrong, data is destroyed !!
Talk about security 
Tim
Hi all,
first, here are some pertinent facts about ccrypt. Most of this is explained in some detail on its man page.
So, as much as I hate to say it: the problem reported by the original poster should not technically have occurred. There must be some other explanation.
One explanation would be if Toucan passed the "-m" option to ccrypt; this would be an extremely bad idea, like driving without a seatbelt. However, I checked the Toucan 1.2 sources where the call to ccrypt appears in a file called secure-file.h, line 71. There are some things I don't like about this code (passing the password on the command line is not safe, and the double shell escapes make you wonder what happens if the password or filename contains quotes, backslashes, dollar signs, etc). However, the code does not use the "-m" option and therefore no file should have been destroyed.
I realize that "it cannot have happened" is not a very satisfying answer to a problem that in fact happened. But I would be very curious to receive more information about this problem, such as whether it can be reproduced. Perhaps the user didn't really mistype the password, but only thought he had done so? Perhaps the files that are assumed destroyed were in fact decrypted correctly?
-- Peter
So my theory on securing the file wasn't far off.. the magic number is computed from the file somehow even if it's not a full checksum. Not bad for a security noob. 
Makes sense that they do this automatically.
rayven01: you are sort-of right. The magic number is not actually computed from the file; it is the constant string "c051". This is padded with 28 bytes of seed, and the resulting 32 bytes are encrypted with one round of encryption and used as the initialization vector. When decrypting, we simply check whether the decrypted first block starts with "c051" or not. Since the magic number is encrypted along with the rest of the data, there's no way to tell whether it is present or not unless you know the key in the first place.
Steve: the password matching features does not give rise to a tool for cracking the password. One may certainly attempt a brute-force attack by trying all 2^256 possible passwords. However, the presence of the magic number does not speed up this process: even without it, one can usually tell from the first block of plaintext whether a given key matches or not (for example, every JPEG file contains the letters "JFIF" within the first 10 bytes). There is some more information on this in the ccrypt FAQ.
Peter. I reread the main page again after my post and realised my mistake, thanks for the clarification. As for your concern with passing the passwords over the commandline, I was going to use the library directly to remove that issuein the next version.
I used Toucan 1.1.2. I could not select the type of the encryption, but in the folders I've found an executable, called "burp" maybe that was it. I read among the posts, that it adds a string to the beginning of the files, or was it ccrypt? :S
this was a known issue in the 1.1 series, which is why the standard encryption type was changed in 1.2. Because of this I believe your data is lost.
I believe it's not. (okey maybe one of the files is)
What you should do is use the very first version, encrypt the files again with the incorrect password - then decrypt it again with the correct password. I can't promise it'll work, but it seems logical it does.
My problem is similar, any possible way to fix the problem and take back the file?¿
Hmm would a dycrypted file with wrong password, be able to get restored when re-encrypting with the wrong password and then finally decrypting with the correct one?
Is this an old issue that has been fixed in the time of the original post?
Hmm always make backups comes to mind..
this issue was fixed by defaulting Toucan to a different encryption method in version 1.2 and a warning has been on the Toucan homepage for some time now about using the Blowfish method, so to be honest I have very little sympathy. To finally kill the issue Blowfish will be decrypt only in version 2.
Visit the Community page
Join our forums