Steve, Dr. Stephen Henson wrote:
[snip] >>Here are the relevant chunks for code. I'm trying to give enough code >>without over-burdening you. If you need more, let me know. >> > > [snip] > > Here's one problem: > > >> EVP_CIPHER_CTX_set_key_length(&Dctx, 128); > > > the length parameter is in bytes not bits. > Thanks. Easy enough to fix. > Additionally you seem to be using an unsalted key derivation algorithm with a > stream cipher (RC4). If passwords are reused then I hope you aren't sending > anything sensitive that way because that is an insecure combination. > Good point. I assume what I really want to use is EVP_BytesToKey to create the key with salt. Thanks for the help! Sean ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
