for openssl enc, -salt appears to be the default but the documentation claims -nosalt is the default.
reading enc(1ssl):

  -salt
      use a salt in the key derivation routines. This option should
      ALWAYS be used unless compatibility with previous versions of
      OpenSSL or SSLeay is required. This option is only present on
      OpenSSL versions 0.9.5 or above.

  -nosalt
      don't use a salt in the key derivation routines. This is the
      default for compatibility with previous versions of OpenSSL and
      SSLeay.

And yet it appears that both forms of invocation use -salt as the default (as measured by the salt being an additional prepended cipherblock):

0 d...@pip:~$ printf 'abcdabcdabcdabc\n' | FUBAR=abcd openssl enc -aes-128-cbc -nopad -e -pass env:FUBAR | wc -c
32
0 d...@pip:~$ printf 'abcdabcdabcdabc\n' | FUBAR=abcd openssl enc -aes-128-cbc -nopad -e -pass env:FUBAR -nosalt | wc -c
16
0 d...@pip:~$ printf 'abcdabcdabcdabc\n' | FUBAR=abcd openssl aes-128-cbc -nopad -e -pass env:FUBAR -nosalt | wc -c
16
0 d...@pip:~$ printf 'abcdabcdabcdabc\n' | FUBAR=abcd openssl aes-128-cbc -nopad -e -pass env:FUBAR | wc -c
32
0 d...@pip:~$ openssl version
OpenSSL 0.9.8k 25 Mar 2009
0 d...@pip:~$

This is on a debian testing system. This report has already been filed with debian at http://bugs.debian.org/544763

thanks for openssl.

--dkg
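An added example, not part of the original message or of OpenSSL's code: the 16 extra bytes in the salted runs above are a header (the 8-byte marker "Salted__" followed by an 8-byte salt) that openssl enc writes ahead of the ciphertext, and the salt is mixed into the password-to-key derivation. The sketch below splits that header off and reproduces the single-iteration MD5 derivation (EVP_BytesToKey) that openssl enc of the 0.9.8 era used by default; the function names, the sample salt and the placeholder ciphertext are assumptions made for illustration.

```python
import hashlib

MAGIC = b"Salted__"  # 8-byte marker that `openssl enc` writes ahead of the salt


def split_enc_output(blob):
    """Return (salt, ciphertext); salt is None when no header is present."""
    if blob[:8] == MAGIC and len(blob) >= 16:
        return blob[8:16], blob[16:]
    return None, blob


def evp_bytes_to_key(password, salt, key_len=16, iv_len=16):
    """Single-iteration MD5 derivation (EVP_BytesToKey with count=1).

    Defaults are sized for aes-128-cbc: 16-byte key, 16-byte IV.
    """
    salt = salt or b""
    material, block = b"", b""
    while len(material) < key_len + iv_len:
        # Each round hashes the previous digest, the password and the salt.
        block = hashlib.md5(block + password + salt).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]


def describe(blob, password):
    """Summarise one `openssl enc` output: header size and derived key/IV."""
    salt, body = split_enc_output(blob)
    key, iv = evp_bytes_to_key(password, salt)
    return {"salted": salt is not None,
            "header_bytes": len(blob) - len(body),
            "ciphertext_bytes": len(body),
            "key": key.hex(), "iv": iv.hex()}


# Constructed sample outputs (placeholder ciphertext, not real AES output):
# one 16-byte block as in the -nosalt runs, and the same block behind a
# salt header, giving the 32 bytes seen in the runs without -nosalt.
FAKE_BLOCK = bytes(16)
UNSALTED = FAKE_BLOCK
SALTED = MAGIC + bytes.fromhex("0102030405060708") + FAKE_BLOCK

if __name__ == "__main__":
    for name, blob in (("unsalted", UNSALTED), ("salted", SALTED)):
        print(name, len(blob), describe(blob, b"abcd"))
```

Without a salt the same password always yields the same key and IV, which is why the manual page says -salt should always be used.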