[openssl-users] Is EVP_BytesToKey() still recommended ?
Matt Caswell
matt at openssl.org
Mon Feb 26 10:08:40 UTC 2018
On 26/02/18 01:15, pratyush parimal wrote:
> Hi everyone,
>
> I'm trying to find a way to convert a string password to an AES-256
> encryption key. I came across EVP_BytesToKey(), but the man-page says at
> the end:
>
> "Newer applications should use a more modern algorithm such as PBKDF2 as
> defined in PKCS#5v2.1 and provided by PKCS5_PBKDF2_HMAC".
>
> Does this mean I shouldn't use EVP_BytesToKey(), and should instead find
> out how to use PBKDF2 ? Or do I need to find out how to
> get EVP_BytesToKey() to use PBKDF2?
Don't use EVP_BytesToKey().
Details on the PKCS5_PBKDF2_HMAC function are here:
https://www.openssl.org/docs/man1.1.0/crypto/PKCS5_PBKDF2_HMAC.html
Matt
More information about the openssl-users
mailing list