It's actually a mix of a couple of hashes. Specifically md5, and sha1 according to the spec.
The best place to look for this would be the standard RFC document since OpenSSL complies to that. The TLSv1 RFC (linked here: http://www.ietf.org/rfc/rfc2246.txt) contains how the key material is generated for a given session. See section 6.3 on page 20. There is a similar section in the SSLv3 RFC document too. Hope this sheds some light! -Sam On Fri, Sep 10, 2010 at 1:57 PM, Stephan Müller <muell...@math.hu-berlin.de>wrote: > Hello, > > i am wondering how key derivation in openssl works, I got > > > > openssl enc -des -P -k 'admin' -nosalt > key=21232F297A57A5A7 > iv =43894A0E4A801FC3 > > as far i understand the documentation, in this setting the key and iv are > just taken from > > md5(admin)=456b7016a916a4b178dd72b947c152b7 > > but obviously there has to be some magic. Could someone give me a hint for > good documentation ( != source )? > > stephan > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org > -- Sam Jantz Software Engineer
