From owner-freebsd-questions@FreeBSD.ORG Mon May 25 21:06:06 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6E4B1106566B for ; Mon, 25 May 2009 21:06:06 +0000 (UTC) (envelope-from rwmaillists@googlemail.com) Received: from mail-ew0-f159.google.com (mail-ew0-f159.google.com [209.85.219.159]) by mx1.freebsd.org (Postfix) with ESMTP id EDC0D8FC13 for ; Mon, 25 May 2009 21:06:05 +0000 (UTC) (envelope-from rwmaillists@googlemail.com) Received: by ewy3 with SMTP id 3so3387486ewy.43 for ; Mon, 25 May 2009 14:06:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:received:received:date:from:to:subject :message-id:in-reply-to:references:x-mailer:mime-version :content-type:content-transfer-encoding; bh=PKAzpAKpzotgRTKZ0h8bp84FvXQXWuRzkyICgT9SFoM=; b=OjlnGAYlAqitLE5Ts/9W7fzcPFDoznY8/itnMoh2aOa87VzPwql9VMbKJOlgCPULaR mx/WoN0zxtGvsTw37C6A2j5spysCJW31BntV3lzNzWhOrrRec44BXb56TgD07DDzXAN0 +kE9UYPg4SqVo0hJX78qjP6ypillgL2NKQkG0= DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=date:from:to:subject:message-id:in-reply-to:references:x-mailer :mime-version:content-type:content-transfer-encoding; b=dXoiKFX9U7Se5wcrUFzVtDOs6fjpjjD6nAlwlQyhpfNUfpiYFlX+ub6pcJXOK6DtOm 3SscCV7OQ9wXDCwzI7PNUytpCChinVRas2Ym0fiLNhuRbAO4iQYFJF43fYyYQs4nbKo/ ka1D4ZrKyTBjx8f1xxRPoyEQG3rihIB7EuzQ8= Received: by 10.216.45.73 with SMTP id o51mr2358147web.10.1243285564636; Mon, 25 May 2009 14:06:04 -0700 (PDT) Received: from gumby.homeunix.com (bb-87-81-140-128.ukonline.co.uk [87.81.140.128]) by mx.google.com with ESMTPS id 5sm2897391eyh.0.2009.05.25.14.06.03 (version=SSLv3 cipher=RC4-MD5); Mon, 25 May 2009 14:06:04 -0700 (PDT) Date: Mon, 25 May 2009 22:06:01 +0100 From: RW To: freebsd-questions@freebsd.org Message-ID: <20090525220601.1a9f7109@gumby.homeunix.com> In-Reply-To: <20090525190039.GA39139@slackbox.xs4all.nl> References: <26face530905242257m7030933cy4a1171de7a06ee59@mail.gmail.com> <20090525190039.GA39139@slackbox.xs4all.nl> X-Mailer: Claws Mail 3.7.1 (GTK+ 2.16.1; i386-portbld-freebsd7.1) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Subject: Re: Secure unsalted or fixed salt symmetric encryption? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 25 May 2009 21:06:06 -0000 On Mon, 25 May 2009 21:00:39 +0200 Roland Smith wrote: > Or you can use the -nosalt option. But as explained in > [http://www.openssl.org/docs/apps/enc.html], using a random salt by > default is a design decision because: "Without the -salt option it is > possible to perform efficient dictionary attacks on the password". > That doesn't sound good, does it? It's not a problem since she's using a random key file, not a weak password.