2

I want to securely encrypt files, with an open algorithm.

So, I've constructed the simple OpenSSL shell command. How secure is it?

    # Encrypt file $1 to $1.aes; openssl prompts for the passphrase.
    function aes-enc() { openssl enc -aes-256-cbc -e -in "$1" -out "$1.aes"; }
    # Now, encrypt zip archive.
    aes-enc hello.zip

What could be improved here? How long should the passphrase be in order to make the brute force unfeasible?

Should I use something else instead of OpenSSL?

Paul Miller
  • 141
  • 5

2 Answers

2

Finally, five years later, some well-known cryptographers have developed the tool: https://age-encryption.org/

It uses chacha20-poly1305, works with scrypt KDF or elliptic curve keys.

Paul Miller
  • 141
  • 5
1

If you are using a simple passphrase-based approach, then your encryption is at most as secure as your passphrase. And even if you are using a long passphrase, your encryption is at most as secure as the key derivation function used to get from the passphrase to the actual key. OpenSSL uses a simple MD5 hash to generate the key, which has two drawbacks:

  1. It limits your effective key length to 128 bits, so even with a long passphrase, there is no point in using AES-256 over AES-128.
  2. Its security from collision attacks is in doubt. Now whether this is a problem for a simple file encryption scheme I don't know.

The weakest link will be the passphrase itself though. How long does it have to be? Well the better question is: how much entropy does it need? This question can only be realistically answered if the passphrase is randomly created. Take as an example diceware: here each word in the passphrase has 12.9 bits of entropy, meaning that an attacker has to try all 7776 words in the diceware dictionary to decrypt the file (well, yes, statistically, the attacker will succeed after half that number). A five word diceware passphrase gives you about 64 bits, a ten word passphrase about 129 bits of entropy. This means that you need a ten word passphrase to have the MD5 hash of openssl cut entropy off, and shows how much weaker than the other links the passphrase usually is.

wallenborn
  • 556
  • 3
  • 4
  • Previous versions of openssl used a very weak key derivation process to derive an encryption key from the password, as correctly stated in this answer. However, version 1.1.1 of openssl now supports key derivation using PBKDF2, with a randomly generated salt and multiple iterations (10,000 by default) of sha256 hashing. See https://security.stackexchange.com/questions/31492/file-security-when-encrypting-files-directly-with-the-openssl-command-and-what/229597#229597 for more info. – mti2935 Apr 10 '20 at 17:46
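
The two key derivations discussed in the answer and the comment above, side by side, as an added example that is not part of the original posts. It reimplements the single-pass MD5 derivation (`EVP_BytesToKey`) and the PBKDF2-HMAC-SHA256 derivation that `-pbkdf2` selects; the function names, passphrase and salt are constructed for illustration.

```python
import hashlib

MAGIC = b"Salted__"          # header `openssl enc` writes before the 8-byte salt
KEY_LEN, IV_LEN = 32, 16     # AES-256-CBC key and IV sizes in bytes


def parse_header(blob):
    """Split a salted `openssl enc` output into (salt, ciphertext)."""
    if len(blob) < 16 or blob[:8] != MAGIC:
        raise ValueError("not a salted `openssl enc` file")
    return blob[8:16], blob[16:]


def legacy_kdf(passphrase, salt, digest="md5"):
    """EVP_BytesToKey with one iteration: D_i = H(D_{i-1} || passphrase || salt).

    MD5 is the digest the answer describes; `-md` selects another one.
    """
    out, block = b"", b""
    while len(out) < KEY_LEN + IV_LEN:
        block = hashlib.new(digest, block + passphrase + salt).digest()
        out += block
    return out[:KEY_LEN], out[KEY_LEN:KEY_LEN + IV_LEN]


def pbkdf2_kdf(passphrase, salt, iterations=10_000):
    """Derivation selected by `-pbkdf2`: PBKDF2-HMAC-SHA256 yielding key || IV."""
    out = hashlib.pbkdf2_hmac("sha256", passphrase, salt, iterations,
                              KEY_LEN + IV_LEN)
    return out[:KEY_LEN], out[KEY_LEN:]


def demo():
    """Derive both keys for a constructed file header and passphrase."""
    passphrase = b"constructed example passphrase"           # constructed
    blob = MAGIC + bytes.fromhex("0102030405060708") + b"\x00" * 16  # constructed
    salt, _ciphertext = parse_header(blob)
    legacy_key, _ = legacy_kdf(passphrase, salt)
    strong_key, _ = pbkdf2_kdf(passphrase, salt)
    # With the legacy scheme, half of the AES-256 key is one MD5 call away
    # from the passphrase, so each guess costs an attacker almost nothing.
    first_half_is_single_md5 = (
        legacy_key[:16] == hashlib.md5(passphrase + salt).digest())
    return legacy_key.hex(), strong_key.hex(), first_half_is_single_md5


if __name__ == "__main__":
    for label, value in zip(("legacy", "pbkdf2", "single MD5"), demo()):
        print(f"{label:>10}: {value}")
```
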