0

I'm trying to encrypt a string like this:

echo "hey" | openssl enc -aes-256-cbc-hmac-sha1 -md sha256 -pass pass:foo -base64

But word on the street is that older versions of openssl are not salty enough and can expose your password. The suggestions are to upgrade to openssl 1.1, use GPG, or supply your own key. I don't care if the key algorithm matches pbkdf2 exactly, but how would I go about creating a more acceptable key? In other words, something similar to:

openssl -aes-256-cbc -pbkdf2 -iter 10000

bendytree
  • 303
  • 2
  • 6
  • Bear in mind that - even if you manage to get openssl 1.0.x to derive a key and iv for encryption from a password and salt, you will need the salt again when it comes time for decryption. Where would the salt be stored? openssl 1.1.1 (and above) solves this problem by storing the salt along with the ciphertext (see https://crypto.stackexchange.com/questions/3298/is-there-a-standard-for-openssl-interoperable-aes-encryption/79855#79855 for more info). So, whatever tool you use must have a way of not only doing key derivation, but also storing and retrieving the salt. – mti2935 Jul 13 '22 at 21:37
  • @mti2935: openssl enc has always back to 0.9.x stored the salt with the ciphertext; what is new in 1.1.1 (and 3.0) is the optional `-pbkdf2 [-iter $n]` instead of the old `EVP_BytesToKey` (a modification of PBKDF1 as described in my answer there) with ONE iteration. – dave_thompson_085 Jul 14 '22 at 00:35
  • @dave_thompson_085 Thanks for adding this clarification. OP, my comment above should be read in the context of PBKDF2 key derivation. For some interesting reading on key derivation used in older versions of openssl, see https://security.stackexchange.com/questions/29106/openssl-recover-key-and-iv-by-passphrase. – mti2935 Jul 14 '22 at 10:29

0 Answers0