Secure unsalted or fixed salt symmetric encryption?

Kelly Jones kelly.terry.jones at
Mon May 25 05:57:36 UTC 2009

Are there any secure openssl symmetric encryption routines that
*don't* use a salt?

Is it secure to use a random-but-fixed salt (openssl enc -S salt)?

"man enc" says "This option [-salt] should ALWAYS be used [...]"

Reason I ask: I was using this command to backup files using

bzip2 -k -c original | openssl enc -bf -pass file:passfile > encfile

and was surprised that doing this to identical files yielded different
results. I then realized "openssl enc" randomly(?) chooses a salt if
you don't supply one.

I want my backups encrypted, but I also want identical files to
encrypt identically. Thoughts?

We're just a Bunch Of Regular Guys, a collective group that's trying
to understand and assimilate technology. We feel that resistance to
new ideas and technology is unwise and ultimately futile.

More information about the freebsd-questions mailing list