openssl: PREEMPTIVE: Please do not remove '-md sha1' symmetric encryption key derivation

Regarding OpenSSL ‘enc’ feature.

Please do not remove ‘-md sha1’ and similar functionality.

Although the ‘pbkdf2’ feature is indeed useful, and I understand users should be strongly encouraged to use it, there are some situations in which it is definitely not necessary.

Version compatibility would become a significant issue. Older versions of OpenSSL do not support ‘-pbkdf2’. Removing support for ‘-md sha1’ now would not allow software to support both the current and recent previous versions.

Specifically, this warning message raised concern.

echo test | openssl enc -e -aes-256-cbc -nosalt -md sha1 -pass pass:test  -out - -in - | xxd -p

*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.

ba03ee302f3d81ffcc4ff9e416b1f0b2

Of somewhat lesser concern: the warning message could require minor revisions to some complicated software using OpenSSL.

About this issue

  • Original URL
  • State: closed
  • Created 5 years ago
  • Comments: 36 (25 by maintainers)

Most upvoted comments

So this means that files encrypted will now fail to be decrypted unless a pre-removal version is kept. I think the project should think very carefully if they want to do that.

One possibility is to remove all internal use of BytesToKey from the runtime, and just inline the function in apps/enc.c, and only allow it for decrypting files.

+2
richsalz on Dec 10, 2019

Deprecate it now, then?

Yes, we should.

+1
mattcaswell on Dec 9, 2019
Read more comments on GitHub
← openssl: PKEY-method override no longer working with OpenSSL 3.0
openssl: Provider fetch not working as expected →