On Apr 9, 2015, at 3:13 PM, Deepak dpb795...@gmail.com wrote:
Hi,
Any help on following questions is appreciated.
1) Can the function PKCS5_PBKDF2_HMAC_SHA1() in 0.9.8zf be used to
derive a key for AES-256-CBC encryption from user supplied passphrase?
Yes.
2) Is PKCS5_PBKDF2_HMAC_SHA1() preferable to EVP_BytesToKey() and why ?
I see PKCS5_PBKDF2_HMAC_SHA1() uses HMACs and is part of standard.
EVP_BytesToKey is pretty old and very simple. It’s not really appropriate to
use it for anything new (of course, if you’re trying to remain compatible with
something that used it in the past, you’d need to keep using it). You might
want to consider PKCS5_PBKDF2_HMAC() instead, since some people like to avoid
SHA-1 these days. Please note that PKCS5_PBKDF2_HMAC* should be slower than
EVP_BytesToKey(), and that’s a good thing. :) See also
http://openssl-users.openssl.narkive.com/AzXOpacU/openssl-support-for-rfc2898-pbkdf2
On debugging, could see PKCS5_PBKDF2_HMAC_SHA1() working with 256-bit key
but after returning from the function, the data in the stack frame gets
corrupted for me and overwrites few other parameters leading to Seg Fault.
That would suggest you’ve misused the function in some way. :) You might want
to be sure that you have allocated memory for the out parameter, as it will not
be allocated for you — that’s the only thing which comes to mind immediately.
TOM
Thank you,
Deepak
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users