Package: openssl
Version: 0.9.8k-4
Severity: normal
-salt appears to be the default for openssl's enc subcommand, but the
documentation is mistaken about that.
From enc(1ssl):

    -salt
        use a salt in the key derivation routines. This option should
        ALWAYS be used unless compatibility with previous versions of
        OpenSSL or SSLeay is required. This option is only present on
        OpenSSL versions 0.9.5 or above.

    -nosalt
        don't use a salt in the key derivation routines. This is the
        default for compatibility with previous versions of OpenSSL and
        SSLeay.

And yet it appears that either form of invocation uses -salt as the
default (as measured by the salt being an additional prepended
cipherblock):
0 d...@pip:~$ printf 'abcdabcdabcdabc\n' | FUBAR=abcd openssl enc -aes-128-cbc -nopad -e -pass env:FUBAR | wc -c
32
0 d...@pip:~$ printf 'abcdabcdabcdabc\n' | FUBAR=abcd openssl enc -aes-128-cbc -nopad -e -pass env:FUBAR -nosalt | wc -c
16
0 d...@pip:~$ printf 'abcdabcdabcdabc\n' | FUBAR=abcd openssl aes-128-cbc -nopad -e -pass env:FUBAR -nosalt | wc -c
16
0 d...@pip:~$ printf 'abcdabcdabcdabc\n' | FUBAR=abcd openssl aes-128-cbc -nopad -e -pass env:FUBAR | wc -c
32
0 d...@pip:~$
Thanks for maintaining openssl in debian!
--dkg
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-2-vserver-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages openssl depends on:
ii libc6 2.9-23 GNU C Library: Shared libraries
ii libssl0.9.8 0.9.8k-4 SSL shared libraries
ii zlib1g 1:1.2.3.3.dfsg-15 compression library - runtime
openssl recommends no packages.
Versions of packages openssl suggests:
ii ca-certificates 20090814 Common CA certificates
-- no debconf information
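
Added example, not part of the original report and not OpenSSL's own code: the 16 extra bytes measured above are the header that openssl enc writes when salting (the 8-byte marker "Salted__" followed by an 8-byte salt), and the sketch below detects that header and derives the AES-128-CBC key and IV the way enc did in this era (EVP_BytesToKey, MD5, one iteration). The sample blobs are constructed with placeholder ciphertext, and the function names are hypothetical.

```python
import hashlib

MAGIC = b"Salted__"  # 8-byte marker `openssl enc` writes before the salt


def split_enc_blob(blob):
    """Return (salt, ciphertext); salt is None when no salted header is present."""
    if len(blob) >= 16 and blob[:8] == MAGIC:
        return blob[8:16], blob[16:]
    return None, blob


def evp_bytes_to_key(password, salt, key_len=16, iv_len=16):
    """EVP_BytesToKey with MD5 and a single iteration.

    D_1 = MD5(password || salt), D_i = MD5(D_(i-1) || password || salt);
    the key is taken from the front of D_1 || D_2 || ..., the IV follows it.
    """
    salt = salt or b""  # -nosalt: nothing but the password is hashed
    material, block = b"", b""
    while len(material) < key_len + iv_len:
        block = hashlib.md5(block + password + salt).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]


def describe(blob, password):
    """Summarise an enc output blob: header size, body size, derived key and IV."""
    salt, body = split_enc_blob(blob)
    key, iv = evp_bytes_to_key(password, salt)
    return {
        "salted": salt is not None,
        "header_bytes": len(blob) - len(body),
        "ciphertext_bytes": len(body),
        "key": key.hex(),
        "iv": iv.hex(),
    }


# Constructed samples (placeholder ciphertext, not real openssl output),
# sized like the two cases in the report: 32 bytes salted, 16 bytes with -nosalt.
PLACEHOLDER_BLOCK = bytes(16)
SALTED_SAMPLE = MAGIC + bytes.fromhex("0102030405060708") + PLACEHOLDER_BLOCK
UNSALTED_SAMPLE = PLACEHOLDER_BLOCK

if __name__ == "__main__":
    for name, blob in (("default", SALTED_SAMPLE), ("-nosalt", UNSALTED_SAMPLE)):
        print(name, describe(blob, b"abcd"))
```

With -nosalt the key and IV depend only on the passphrase, so every file encrypted under the same passphrase reuses the same key and IV; with the salted header they differ per salt.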