Package: libjs-cryptojs Version: 3.1.2+dfsg-2 Severity: normal Dear Maintainer,
Up to jessie, one could encrypt something using openssl: echo "This is a test" | openssl enc -aes-256-cbc -pass pass:mypassphrase -e -base64 and decrypt it using crypto-js var plaintext = CryptoJS.AES.decrypt("U2FsdGVkX1+xT6Jz+c3NLK7zo1OpCBONwFRDOJaWurQ=", "mypassphrase" ); This doesn't work with openssl from stretch onward, since openssl is no longer using md5. evpkdf.js contains: "hasher: MD5" It is possible to work around by adding "-md md5" to openssl calls. cryptojs should be compatible with openssl defaults. -- System Information: Debian Release: 9.6 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-8-amd64 (SMP w/2 CPU cores) Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) libjs-cryptojs depends on no packages. Versions of packages libjs-cryptojs recommends: ii javascript-common 11 libjs-cryptojs suggests no packages. -- no debconf information