Secure unsalted or fixed salt symmetric encryption?

Roland Smith rsmith at
Mon May 25 19:00:42 UTC 2009

On Sun, May 24, 2009 at 10:57:35PM -0700, Kelly Jones wrote:
> Are there any secure openssl symmetric encryption routines that
> *don't* use a salt?
> Is it secure to use a random-but-fixed salt (openssl enc -S salt)?
> "man enc" says "This option [-salt] should ALWAYS be used [...]"
> Reason I ask: I was using this command to backup files using
> compression/encryption:
> bzip2 -k -c original | openssl enc -bf -pass file:passfile > encfile
> and was surprised that doing this to identical files yielded different
> results. I then realized "openssl enc" randomly(?) chooses a salt if
> you don't supply one.

So? It will still decrypt properly if you give the right password!
> I want my backups encrypted, but I also want identical files to
> encrypt identically. Thoughts?

You could use the -S option and specify a constant salt. It might make
the encrypted materials easier to break, though. You can generate a
random salt with openssl as well:

openssl rand 8 | hexdump -e '"0x" 2 "%X" "\n"'

(According to [],
the salt is 8 bytes.) 

Or you can use the -nosalt option. But as explained in
[], using a random salt by
default is a design decision because: "Without the -salt option it is
possible to perform efficient dictionary attacks on the password". That
doesn't sound good, does it?

Alternatively, ports like security/ccrypt hash your password to make a
key. They don't require a separate salt.

If you are using a (e.g. USB connected) disk as backup, use geli(8) to encrypt
the whole disk instead of encrypting each file separately.

[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 1A2B 477F 9970 BA3C 2914  B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
Url :

More information about the freebsd-questions mailing list