Date: Mon, 25 May 2009 21:00:39 +0200 From: Roland Smith <rsmith@xs4all.nl> To: Kelly Jones <kelly.terry.jones@gmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: Secure unsalted or fixed salt symmetric encryption? Message-ID: <20090525190039.GA39139@slackbox.xs4all.nl> In-Reply-To: <26face530905242257m7030933cy4a1171de7a06ee59@mail.gmail.com> References: <26face530905242257m7030933cy4a1171de7a06ee59@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--VS++wcV0S1rZb1Fb Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, May 24, 2009 at 10:57:35PM -0700, Kelly Jones wrote: > Are there any secure openssl symmetric encryption routines that > *don't* use a salt? >=20 > Is it secure to use a random-but-fixed salt (openssl enc -S salt)? >=20 > "man enc" says "This option [-salt] should ALWAYS be used [...]" >=20 > Reason I ask: I was using this command to backup files using > compression/encryption: >=20 > bzip2 -k -c original | openssl enc -bf -pass file:passfile > encfile >=20 > and was surprised that doing this to identical files yielded different > results. I then realized "openssl enc" randomly(?) chooses a salt if > you don't supply one. So? It will still decrypt properly if you give the right password! =20 > I want my backups encrypted, but I also want identical files to > encrypt identically. Thoughts? You could use the -S option and specify a constant salt. It might make the encrypted materials easier to break, though. You can generate a random salt with openssl as well: openssl rand 8 | hexdump -e '"0x" 2 "%X" "\n"' (According to [http://www.openssl.org/docs/crypto/EVP_BytesToKey.html], the salt is 8 bytes.)=20 Or you can use the -nosalt option. But as explained in [http://www.openssl.org/docs/apps/enc.html], using a random salt by default is a design decision because: "Without the -salt option it is possible to perform efficient dictionary attacks on the password". That doesn't sound good, does it? Alternatively, ports like security/ccrypt hash your password to make a key. They don't require a separate salt. If you are using a (e.g. USB connected) disk as backup, use geli(8) to encr= ypt the whole disk instead of encrypting each file separately. Roland --=20 R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725) --VS++wcV0S1rZb1Fb Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.11 (FreeBSD) iEYEARECAAYFAkoa6tcACgkQEnfvsMMhpyV4BQCeL1Gb+eQXcQKuN06giBS23cGy PEoAn3/cylVvsMNgEByCju9lotL407t6 =dJ6Z -----END PGP SIGNATURE----- --VS++wcV0S1rZb1Fb--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090525190039.GA39139>