Secure unsalted or fixed salt symmetric encryption?
RW
rwmaillists at googlemail.com
Mon May 25 22:57:05 UTC 2009
On Mon, 25 May 2009 23:52:05 +0200
Roland Smith <rsmith at xs4all.nl> wrote:
> On Mon, May 25, 2009 at 10:06:01PM +0100, RW wrote:
> > On Mon, 25 May 2009 21:00:39 +0200
> > Roland Smith <rsmith at xs4all.nl> wrote:
> >
> >
> > > Or you can use the -nosalt option. But as explained in
> > > [http://www.openssl.org/docs/apps/enc.html], using a random salt
> > > by default is a design decision because: "Without the -salt
> > > option it is possible to perform efficient dictionary attacks on
> > > the password". That doesn't sound good, does it?
> >
> > It's not a problem since she's using a random key file, not a weak
> > password.
>
> But a key alone is not sufficient. You'll need to specify an
> initialization vector as well, using the -iv option. E.g.:
>
> openssl enc -aes256 -in <infile> -out <outfile>.aes \
> -K 971001EE50DCDBCAF3F521851E773B0285838CA549E2258C1A195565D61F2145 \
> -iv FD246E34A631AE38
>
> If you try it with only a key or keyfile, you'll get a 'iv undefined'
> error, resulting in a zero-length output file. :-(
>
It works for me:
$ echo "hello world" > infile
$ head -c32 /dev/random |sha256 > keyfile
$ openssl enc -aes256 -nosalt -kfile keyfile -in infile -out outfile
$ openssl enc -aes256 -nosalt -d -kfile keyfile -in outfile
hello world
More information about the freebsd-questions
mailing list