[openssl-users] Password based key derivation

Tom Francis thomas.francis.jr at pobox.com
Thu Apr 9 21:18:02 UTC 2015

> On Apr 9, 2015, at 3:13 PM, Deepak <dpb795795 at gmail.com> wrote:
> Hi,
> Any help on following questions is appreciated.
>  1)      Can the function PKCS5_PBKDF2_HMAC_SHA1() in 0.9.8zf be used to derive a key for AES-256-CBC encryption from user supplied passphrase?


>  2)     Is PKCS5_PBKDF2_HMAC_SHA1() preferable to EVP_BytesToKey()  and why ? I see PKCS5_PBKDF2_HMAC_SHA1() uses HMACs and is part of standard.

EVP_BytesToKey is pretty old and very simple.  It’s not really appropriate to use it for anything new (of course, if you’re trying to remain compatible with something that used it in the past, you’d need to keep using it).  You might want to consider PKCS5_PBKDF2_HMAC() instead, since some people like to avoid SHA-1 these days.  Please note that PKCS5_PBKDF2_HMAC* should be slower than EVP_BytesToKey(), and that’s a good thing. :)  See also http://openssl-users.openssl.narkive.com/AzXOpacU/openssl-support-for-rfc2898-pbkdf2

>  On debugging, could see PKCS5_PBKDF2_HMAC_SHA1() working with 256-bit key but after returning from the function, the data in the stack frame gets corrupted for me and overwrites few other parameters leading to Seg Fault.

That would suggest you’ve misused the function in some way. :)  You might want to be sure that you have allocated memory for the out parameter, as it will not be allocated for you — that’s the only thing which comes to mind immediately.


> Thank you,
> Deepak
> _______________________________________________
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

More information about the openssl-users mailing list