How to encrypt file using OpenSSL and AES-256 with SHA-256?
Matthew Harrington
System: Linux Mint 18.3 Cinnamon 64-bit.
OpenSSL: 1.0.2g
Ordinarily, I would encrypt a file as follows:
openssl enc -aes-256-cbc -salt -in somefile -out somefile.enc
But I wonder what algorithm will be used to hash my password and if I can change it?
1 Answer
I found out by accident, here, that for openssl version 1.1.0:
-md digest Use the specified digest to create the key from the passphrase. The default algorithm is sha-256.
So, there is no point in specifying the message digest algorithm for the newer version of openssl as it already uses SHA-256.
But since on my system there is openssl version 1.0.2g, I dug further and found out, here, that:
... In OpenSSL 1.1.0 we changed from MD5 to SHA-256 ...
Essentially, this means my openssl will by default use the old and obsolete MD5.
Luckily, this can be changed to SHA-256 with openssl version 1.0.2g:
openssl enc -aes-256-cbc -md sha256 -salt -in somefile -out somefile.enc
If you have an older openssl version than me, you might want to try -md sha1, if the above fails.