[openssl-users] Password based key derivation

Jeffrey Walton noloader at gmail.com
Thu Apr 9 21:09:25 UTC 2015

>  1)      Can the function PKCS5_PBKDF2_HMAC_SHA1() in 0.9.8zf be used to
> derive a key for AES-256-CBC encryption from user supplied passphrase?

For the function PKCS5_PBKDF2_HMAC_SHA1, Yes. See

I'm not sure what the significance of 0.9.8zf is.

> 2)     Is PKCS5_PBKDF2_HMAC_SHA1() preferable to EVP_BytesToKey()  and why ?

Yes. See https://wiki.openssl.org/index.php/Manual:EVP_BytesToKey(3).

More information about the openssl-users mailing list