[openssl-dev] openssl enc changed behaviour between 1.1.0 and earlear
Richard Levitte
levitte at openssl.org
Thu Nov 3 21:12:44 UTC 2016
In message <20161103202349.ub4aq27wzv4whvay at breakpoint.cc> on Thu, 3 Nov 2016 21:23:50 +0100, Sebastian Andrzej Siewior <openssl-dev at ml.breakpoint.cc> said:
openssl-dev> Commit f8547f62c21 ("Use SHA256 not MD5 as default digest") changed the
openssl-dev> default hash from md5 to sha256.
openssl-dev> This leads to bug reports like this [0] where people can't access their
openssl-dev> old encrypted files.
openssl-dev> Would it work for if MD5 is tried if the now default options fails the
openssl-dev> encryption? I see some output on the console before openssl's error
openssl-dev> shows up so it does not look like a one liner.
openssl-dev>
openssl-dev> [0] bugs.debian.org/843064
That would be quite a job. The correctness of the key can't be
discovered before the last encrypted block, where the decrypted
padding will either be correct (because it was the right key) or not
(because it was the wrong key). Take into account a pipe with a 10MB
file, I'm sure you see where that takes us.
The solution in that bug report seems sane, even though unfortunate.
--
Richard Levitte levitte at openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
More information about the openssl-dev
mailing list