for openssl enc, -salt appears to be the default but the documentation claims -nosalt is the default.
reading enc(1ssl):
-salt
use a salt in the key derivation routines. This option should
ALWAYS be used unless compatibility with previous versions of
OpenSSL or SSLeay is required. This option is only present on
OpenSSL versions 0.9.5 or above.
-nosalt
don't use a salt in the key derivation routines. This is the
default for compatibility with previous versions of OpenSSL and
SSLeay.
And yet it appears that both forms of invocation use -salt as the
default (as measured by the salt being an additional prepended
cipherblock):
0 d...@pip:~$ printf 'abcdabcdabcdabc\n' | FUBAR=abcd openssl enc
-aes-128-cbc -nopad -e -pass env:FUBAR | wc -c
32
0 d...@pip:~$ printf 'abcdabcdabcdabc\n' | FUBAR=abcd openssl enc
-aes-128-cbc -nopad -e -pass env:FUBAR -nosalt | wc -c
16
0 d...@pip:~$ printf 'abcdabcdabcdabc\n' | FUBAR=abcd openssl aes-128-cbc
-nopad -e -pass env:FUBAR -nosalt | wc -c
16
0 d...@pip:~$ printf 'abcdabcdabcdabc\n' | FUBAR=abcd openssl aes-128-cbc
-nopad -e -pass env:FUBAR | wc -c
32
0 d...@pip:~$ openssl version
OpenSSL 0.9.8k 25 Mar 2009
0 d...@pip:~$
This is on a debian testing system. This report has already been filed
with debian at http://bugs.debian.org/544763
thanks for openssl.
--dkg
signature.asc
Description: PGP signature
