Re: Using RC4 vs EVP_CIPHER

2005-05-11 Thread Sean Covel
Steve, > > Salt shouldn't be predictable so using a fixed string isn't an option but it > isn't secret. > I'm using rand_bytes() to create the salt. > >>IV. I should really use an IV with some modes. Again, it's random >>bytes, but it doesn't have to be secret. I will also have to transmit

Re: Using RC4 vs EVP_CIPHER

2005-05-10 Thread Dr. Stephen Henson
On Tue, May 10, 2005, Sean Covel wrote: > Steve, > > > > >>Additionally you seem to be using an unsalted key derivation algorithm with > >>a > >>stream cipher (RC4). If passwords are reused then I hope you aren't sending > >>anything sensitive that way because that is an insecure combination. >

Re: Using RC4 vs EVP_CIPHER

2005-05-10 Thread Sean Covel
Steve, > >>Additionally you seem to be using an unsalted key derivation algorithm with a >>stream cipher (RC4). If passwords are reused then I hope you aren't sending >>anything sensitive that way because that is an insecure combination. >> > Additional Questions: SALT isn't secret, correct?

Re: Using RC4 vs EVP_CIPHER

2005-04-29 Thread Sean Covel
Steve, Dr. Stephen Henson wrote: [snip] >>Here are the relevant chunks for code. I'm trying to give enough code >>without over-burdening you. If you need more, let me know. >> > > [snip] > > Here's one problem: > > >>EVP_CIPHER_CTX_set_key_length(&Dctx, 128); > > > the length para

Re: Using RC4 vs EVP_CIPHER

2005-04-29 Thread Dr. Stephen Henson
On Mon, Apr 25, 2005, Sean Covel wrote: > Now that I've updated to the latest OpenSSL (7g) I've got a question: > > I implemented some RC4 functionality using the low-level rc4 functions.( > RC4_Set_Key, RC4), and it's working fine. > > The OpenSSL documentation recommends using the EVP_* functio

Re: Using RC4 vs EVP_CIPHER

2005-04-25 Thread Sean Covel
I'm continuing to test. I've noticed something else strange with the EVP_ functions... I have a test program that reads in text file "A" a chunk at a time, encrypts the chunk, then writes it out to "B". It then reads "B" back in a chunk at a time, decrypts it, and writes it back out to "C". Simp

Using RC4 vs EVP_CIPHER

2005-04-25 Thread Sean Covel
Now that I've updated to the latest OpenSSL (7g) I've got a question: I implemented some RC4 functionality using the low-level rc4 functions.( RC4_Set_Key, RC4), and it's working fine. The OpenSSL documentation recommends using the EVP_* functions instead of the lower level functions. It seems li