transcrypt hex string is too short, padding with zero bytes to length *** WARNING : deprecated key derivation used. Using -iter or -pbkdf2 would be better.

hex string is too short, padding with zero bytes to length *** WARNING : deprecated key derivation used. Using -iter or -pbkdf2 would be better.

Open ghost opened this issue 6 years ago • 2 comments

Defalult encrypt is always warning,plase add -pbkdf2 -iter 1024 to update

openssl enc -aes-256-cbc -md sha512 -pbkdf2 -iter 1024 -salt -in InputFilePath -out OutputFilePath

follow by https://crypto.stackexchange.com/questions/20941/why-shouldnt-i-use-ecb-encryption

May 10 '19 09:05 ghost

ss@SSS ~/t/abc> transcrypt --version transcrypt 1.1.0

ss@SSS ~/t/abc> uname -a Linux SSS 5.0.9-2-MANJARO #1 SMP PREEMPT Sun Apr 21 07:11:08 UTC 2019 x86_64 GNU/Linux

May 10 '19 09:05 ghost

I'm not a cryptographer but using MD5 to generate a key is pretty bad IMHO. A real KDF (PBKDF2 like openssl rightly suggest) with moderate number of iterations should keep the secrets safe from a brute force attack.

Nov 13 '19 15:11 rnhmjoj

transcrypt transcrypt copied to clipboard

hex string is too short, padding with zero bytes to length *** WARNING : deprecated key derivation used. Using -iter or -pbkdf2 would be better.

transcrypt
transcrypt copied to clipboard