Old openssl version does not support -iter or -pbkdf2, how does it derive the encryption key for AES?

RocketNuts

1/5/24, 12:42 PM

When using openssl or libressl to encrypt or decrypt data with AES, I typically specify -iter 1000000 -pbkdf2 to explicity force the key derivation method.

However I'm currently dealing with a remote system that has an older openssl version (openssl version says OpenSSL 1.0.2k-fips 26 Jan 2017) and it doesn't support the -iter or -pbkdf2 parameters.

If I encrypt a plaintext file on the old machine like this:

openssl enc -aes-256-cbc -salt -md sha512 -pass file:MySecretKey -in plain.txt -out cipher.bin

I can decrypt the result on newer systems like so:

libressl enc -d -aes-256-cbc -md sha512 -pass file:MySecretKey -in cipher.bin

The latter gives me a warning though:

*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.

However it does output the correct plaintext result.

I'm wondering, if not PBKDF2, what kind of key derivation method is used by the old openssl?

149

0 + 1

aes

key-derivation

pbkdf-2

dave_thompson_085

1/6/24, 12:46 AM

Dupe https://crypto.stackexchange.com/questions/3298/is-there-a-standard-for-openssl-interoperable-aes-encryption/#35614 and https://crypto.stackexchange.com/questions/36981/what-are-kdf-parameters-in-openssl-command-line-utility-for-enc plus several more on security.SX and other Stacks.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Old openssl version does not support -iter or -pbkdf2, how does it derive the encryption key for AES?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.