
I use OpenSSL to encrypt passwords. For that, the parameters $S$ (salt), $K$ (key) and $IV$ (initialization vector) are used.

Although the command produces the results, I am not sure if the salt is really used or ignored.


1 Answer


The salt is used to derive an encryption key from the input key specified with -k in case the input key is a low entropy key such as a password. If the input key is high entropy then instead specify it with -K and avoid the extra key derivation with salt. The salt is also used to derive an IV if one is not specified. If you already have a strong key and IV then you should deactivate the salting with the -nosalt option. Read more here: https://wiki.openssl.org/index.php/Enc

But for password storage in particular you should also be hashing them with a hash function designed for password hashing, such as Argon2, Scrypt or Bcrypt. Encryption is not secure enough on its own.

  • What if I used the same combination but instead of -K, -IV, and -S I used -k, -IV, and -s, will it work? Which one of these combinations is the most secure?
    – Bionix1441
    Commented Jul 4 at 12:57
  • @Bionix1441 So -k and salting are for weaker keys like passwords; they need a stronger KDF to be made secure. OpenSSL uses PBKDF2, which is nowadays not considered secure anymore, so you probably want to use one of the other password hashing functions I mentioned instead. Do that outside of OpenSSL, then pipe the result into OpenSSL and use it as a strong key with -K, without any salt or additional key derivation. If you already have a strong randomly generated key then just use that as your -K without any salt.
    – n-l-i
    Commented Jul 4 at 15:20
  • Sorry, your answer is not correct. The salt is public and used to derive different keys and IV/nonce per encryption, and this prevents the rainbow attacks. Known inputs don't increase the entropy of the passwords; besides, we usually say the strength of the passwords if the source is a human since
    – kelalaka
    Commented Jul 5 at 16:46
  • @kelalaka I think my answer is correct. What you are referring to is the case when the user does not specify their own IV or they are using a password as their key. I mentioned this in my answer. If the user is using a strong generated key and IV and is not reusing the IV then there is no need for any additional key derivation with some salt, just use the encryption function as is.
    – n-l-i
    Commented Jul 5 at 19:05
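To make the answer's point concrete (and the later comments about PBKDF2 and "-K without any salt"), here is an added Python example, not from the answer or from the OpenSSL project, that reproduces the two key/IV derivations `openssl enc` performs from a password plus salt: the PBKDF2 path (`-pbkdf2`, key bytes first, then IV bytes, with the 10000-iteration SHA-256 defaults of OpenSSL 1.1.1 and later) and the legacy EVP_BytesToKey chain used without `-pbkdf2`. It assumes that ordering of key-then-IV, which matches OpenSSL's documented behaviour as I understand it; the password and the 8-byte salt are constructed sample values. Running it shows that the salt is genuinely consumed: the same password with a different salt yields a different key and a different IV, and `-nosalt` simply makes the derivation deterministic per password, which is what makes precomputed (rainbow) attacks on the password feasible.

```python
import hashlib
import os


def pbkdf2_key_iv(password: bytes, salt: bytes, key_len: int = 32, iv_len: int = 16,
                  iterations: int = 10000, digest: str = "sha256") -> tuple[bytes, bytes]:
    """What `openssl enc -pbkdf2 -k PASS -S SALTHEX` derives (assumed layout: key || iv).

    One PBKDF2-HMAC call produces key_len + iv_len bytes; the first key_len bytes
    become the key and the following iv_len bytes become the IV (unless -iv overrides it).
    """
    dk = hashlib.pbkdf2_hmac(digest, password, salt, iterations, key_len + iv_len)
    return dk[:key_len], dk[key_len:key_len + iv_len]


def evp_bytes_to_key(password: bytes, salt: bytes, key_len: int = 32, iv_len: int = 16,
                     digest: str = "sha256", count: int = 1) -> tuple[bytes, bytes]:
    """Legacy EVP_BytesToKey chain used by `openssl enc` without -pbkdf2.

    D_1 = H(password || salt), D_i = H(D_{i-1} || password || salt), concatenated until
    key_len + iv_len bytes exist. `count` repeats the hash per block (OpenSSL enc uses 1).
    An empty salt models -nosalt.
    """
    out, prev = b"", b""
    while len(out) < key_len + iv_len:
        prev = hashlib.new(digest, prev + password + salt).digest()
        for _ in range(count - 1):
            prev = hashlib.new(digest, prev).digest()
        out += prev
    return out[:key_len], out[key_len:key_len + iv_len]


def salt_changes_output(password: bytes, derive) -> bool:
    """Check that a derivation really consumes the salt: two random 8-byte salts must give
    different keys and IVs for the same password, while the same salt reproduces them."""
    s1, s2 = os.urandom(8), os.urandom(8)
    k1, iv1 = derive(password, s1)
    k2, iv2 = derive(password, s2)
    return k1 != k2 and iv1 != iv2 and derive(password, s1) == (k1, iv1)


def strong_key_mode(key_hex: str, iv_hex: str) -> tuple[bytes, bytes]:
    """The -K / -iv / -nosalt path: no derivation at all, the caller supplies raw bytes.
    Only the lengths are checked, as OpenSSL would for an AES cipher."""
    key, iv = bytes.fromhex(key_hex), bytes.fromhex(iv_hex)
    if len(key) not in (16, 24, 32) or len(iv) != 16:
        raise ValueError("AES key must be 16, 24 or 32 bytes and the IV 16 bytes")
    return key, iv


if __name__ == "__main__":
    pw = b"correct horse battery staple"            # constructed sample password
    salt = bytes.fromhex("0102030405060708")        # constructed salt, like -S 0102030405060708
    for name, fn in (("pbkdf2", pbkdf2_key_iv), ("legacy", evp_bytes_to_key)):
        k, iv = fn(pw, salt)
        print(f"{name:7} key={k.hex()} iv={iv.hex()}")
    k, iv = evp_bytes_to_key(pw, b"")               # -nosalt: fixed key/IV per password
    print(f"nosalt  key={k.hex()} iv={iv.hex()}")
    print("salt changes pbkdf2 output:", salt_changes_output(pw, pbkdf2_key_iv))
    print("salt changes legacy output:", salt_changes_output(pw, evp_bytes_to_key))
```

The `strong_key_mode` function is the branch the answer recommends once you already hold a random key: nothing is derived, so the salt has no role and `-nosalt` is the honest way to say so. With `-k`, by contrast, every byte of the salt feeds the KDF, which is why two encryptions of the same password under different salts never share a key or IV.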
