On Sun, May 24, 2009 at 10:57:35PM -0700, Kelly Jones wrote:
> Are there any secure openssl symmetric encryption routines that
> *don't* use a salt?
> Is it secure to use a random-but-fixed salt (openssl enc -S salt)?
> "man enc" says "This option [-salt] should ALWAYS be used [...]"
> Reason I ask: I was using this command to backup files using
> compression/encryption:
> bzip2 -k -c original | openssl enc -bf -pass file:passfile > encfile
> and was surprised that doing this to identical files yielded different
> results. I then realized "openssl enc" randomly(?) chooses a salt if
> you don't supply one.

So? It will still decrypt properly if you give the right password!
> I want my backups encrypted, but I also want identical files to
> encrypt identically. Thoughts?

You could use the -S option and specify a constant salt. It might make
the encrypted materials easier to break, though. You can generate a
random salt with openssl as well:

openssl rand 8 | hexdump -e '"0x" 2 "%X" "\n"'

(According to [http://www.openssl.org/docs/crypto/EVP_BytesToKey.html],
the salt is 8 bytes.) 

Or you can use the -nosalt option. But as explained in
[http://www.openssl.org/docs/apps/enc.html], using a random salt by
default is a design decision because: "Without the -salt option it is
possible to perform efficient dictionary attacks on the password". That
doesn't sound good, does it?

Alternatively, ports like security/ccrypt hash your password to make a
key. They don't require a separate salt.

If you are using a (e.g. USB connected) disk as backup, use geli(8) to encrypt
the whole disk instead of encrypting each file separately.

R.F.Smith                                   http://www.xs4all.nl/~rsmith/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 1A2B 477F 9970 BA3C 2914  B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)

Attachment: pgpdbnrHSY0HW.pgp
Description: PGP signature

Reply via email to