Thank you for your quick answer. I have another question concerning the salt. Are there any recommendation about the salt length or how the salt is generated ?
And for the iteration number, you said that it is recommended to have more that 1000 iterations. In wich magnitude ? 5000, 10 000, 100 000 !? Victor Duchovni wrote: > > On Mon, Jan 05, 2009 at 05:06:29AM -0800, Cyanure wrote: > >> >> Hi, >> >> AES symmetric keys are 128, 192 or 256 bits long. >> >> Is there a function in OpenSSL that creates (generates) an AES key >> (probably >> using internal salt) with the desired length (128, 192 or 256 bits) ? > > Keys are either: > > - Random bit patterns generated using a suitable cryptograph (P)RNG, > e.g. read from /dev/urandom or /dev/random. > > - Password-based but strengthened via a suitable KDF (key-derivation > function). It is here that you combine a "salt" value with the > user's > password, and for this OpenSSL includes (the yet to be documented) > PKCS5_PBKDF2_HMAC_SHA1 declared in <openssl/evp.h> > > int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, > unsigned char *salt, int saltlen, int iter, > int keylen, unsigned char *out); > > the iteration count is often 1000, but should probably be higher for > new applications. > > -- > Viktor. > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org > > -- View this message in context: http://www.nabble.com/AES-key-generation-tp21290662p21312057.html Sent from the OpenSSL - User mailing list archive at Nabble.com. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
