From: Kelly Jones
To: freebsd-questions@freebsd.org
Date: Sun, 24 May 2009 22:57:35 -0700
Message-ID: <26face530905242257m7030933cy4a1171de7a06ee59@mail.gmail.com>
Subject: Secure unsalted or fixed salt symmetric encryption?

Are there any secure openssl symmetric encryption routines that
*don't* use a salt? Is it secure to use a random-but-fixed salt
(openssl enc -S salt)?

"man enc" says "This option [-salt] should ALWAYS be used [...]"

Reason I ask: I was using this command to back up files using
compression/encryption:

    bzip2 -k -c original | openssl enc -bf -pass file:passfile > encfile

and was surprised that doing this to identical files yielded different
results. I then realized "openssl enc" randomly(?) chooses a salt if
you don't supply one.

I want my backups encrypted, but I also want identical files to
encrypt identically. Thoughts?

-- 
We're just a Bunch Of Regular Guys, a collective group that's trying
to understand and assimilate technology. We feel that resistance to
new ideas and technology is unwise and ultimately futile.
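
Added example, not part of the original message: a Python sketch of how "openssl enc" turns the passphrase and the 8-byte salt into the bf-cbc key and IV, which is why two runs with random salts give different output and a fixed -S salt gives identical output for identical input. The passphrase, the salt values and the function names are constructed for illustration, and MD5 as the derivation digest is an assumption matching 2009-era defaults.

```python
import hashlib
import os

MAGIC = b"Salted__"  # marker "openssl enc" writes ahead of the 8-byte salt


def evp_bytes_to_key(password, salt, key_len, iv_len, digest="md5"):
    """One-iteration EVP_BytesToKey, the derivation behind "openssl enc -pass".

    digest="md5" is an assumption matching 2009-era defaults; OpenSSL 1.1.0
    and later default to SHA-256 (see -md).
    """
    material, block = b"", b""
    while len(material) < key_len + iv_len:
        block = hashlib.new(digest, block + password + salt).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]


def read_salt(blob):
    """Return the salt from a salted "openssl enc" output, or None if absent."""
    if len(blob) >= 16 and blob.startswith(MAGIC):
        return blob[8:16]
    return None


def bf_cbc_params(password, salt):
    """Key and IV for bf-cbc ("-bf"): 16-byte default key, 8-byte IV."""
    return evp_bytes_to_key(password, salt, key_len=16, iv_len=8)


def same_ciphertext_expected(password, blob_a, blob_b):
    """True when two outputs were made with the same key and IV, so equal
    plaintexts would have produced equal ciphertexts."""
    salt_a, salt_b = read_salt(blob_a), read_salt(blob_b)
    if salt_a is None or salt_b is None:
        raise ValueError("not a salted openssl enc header")
    return bf_cbc_params(password, salt_a) == bf_cbc_params(password, salt_b)


if __name__ == "__main__":
    password = b"constructed-passphrase"  # stands in for the line in passfile
    random_a = MAGIC + os.urandom(8)      # header of a run without -S
    random_b = MAGIC + os.urandom(8)      # header of a second such run
    fixed = MAGIC + bytes.fromhex("0123456789abcdef")  # as with -S 0123456789ABCDEF
    print("random salts, same key/IV:", same_ciphertext_expected(password, random_a, random_b))
    print("fixed salt, same key/IV:  ", same_ciphertext_expected(password, fixed, fixed))
```

With one passphrase and one fixed salt, every file is encrypted under the same key and IV, so anyone holding the backups can tell which files are identical or share a common beginning.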