Secure unsalted or fixed salt symmetric encryption?
Roland Smith
rsmith at xs4all.nl
Mon May 25 19:00:42 UTC 2009
On Sun, May 24, 2009 at 10:57:35PM -0700, Kelly Jones wrote:
> Are there any secure openssl symmetric encryption routines that
> *don't* use a salt?
>
> Is it secure to use a random-but-fixed salt (openssl enc -S salt)?
>
> "man enc" says "This option [-salt] should ALWAYS be used [...]"
>
> Reason I ask: I was using this command to backup files using
> compression/encryption:
>
> bzip2 -k -c original | openssl enc -bf -pass file:passfile > encfile
>
> and was surprised that doing this to identical files yielded different
> results. I then realized "openssl enc" randomly(?) chooses a salt if
> you don't supply one.
So? It will still decrypt properly if you give the right password!
> I want my backups encrypted, but I also want identical files to
> encrypt identically. Thoughts?
You could use the -S option and specify a constant salt. It might make
the encrypted materials easier to break, though. You can generate a
random salt with openssl as well:
openssl rand 8 | hexdump -e '"0x" 2 "%X" "\n"'
(According to [http://www.openssl.org/docs/crypto/EVP_BytesToKey.html],
the salt is 8 bytes.)
Or you can use the -nosalt option. But as explained in
[http://www.openssl.org/docs/apps/enc.html], using a random salt by
default is a design decision because: "Without the -salt option it is
possible to perform efficient dictionary attacks on the password". That
doesn't sound good, does it?
Alternatively, ports like security/ccrypt hash your password to make a
key. They don't require a separate salt.
If you are using a (e.g. USB connected) disk as backup, use geli(8) to encrypt
the whole disk instead of encrypting each file separately.
Roland
--
R.F.Smith http://www.xs4all.nl/~rsmith/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20090525/e6af0f46/attachment.pgp
More information about the freebsd-questions
mailing list