When I encrypt or decrypt a file I get *** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
I do not understand what this means, how i should change the my procedures. Could you help me?
I encrypt with openssl des3 <input >output.des3
and decrypt with openssl des3 -d <input.des3 >output
About the environment
Ubuntu 18.10
~$ openssl version
OpenSSL 1.1.1 11 Sep 2018
Comparing the Synopsys of the two main and recent versions of OpenSSL, let me quote the man pages.
OpenSSL 1.1.0
OpenSSL 1.1.1
There obviously are some greater differences, namely considering this question, there are these two switches missing in the 1.1.0:
pbkdf2
iter
You have basically two options now. Either ignore the warning or adjust your encryption command to something like:
Where these switches:
-aes-256-cbc
is what you should use for maximum protection or the 128-bit version, the 3DES (Triple DES) got abandoned some time ago, see Triple DES has been deprecated by NIST in 2017, while AES gets accelerated by all modern CPUs by a lot; you can simply verify if your CPU has the AES-NI instruction set for example usinggrep aes /proc/cpuinfo
; win, win-md sha512
is the faster variant of SHA-2 functions family compared to SHA-256 while it might be a bit more secure; win, win-pbkdf2
: use PBKDF2 (Password-Based Key Derivation Function 2) algorithm-iter 100000
is overriding the default count of iterations for the password, quoting the man page:The other answer is essentially correct. though other things have changed around these versions (v1.1.0 and v1.1.1) that is good to be aware of.
First the default password hashing digest has changed, going from md5 to sha512
And second the addition the "-pbkdf2" "-iter" which has been needed for a long time. However the default iteration count is far too low, and should be set as high as possible without becoming too annoying. Big enough to take 1 to 2 seconds is generally acceptable for both encrypting and decrypting, but makes it very very difficult for brute forced password guessing.
The problem is now we have all these new options and defaults, as well as different digests and cyphers, you need to remember all these options do you can decrypt the encrypted file. That is whatever options was decided on to encrypt must be used to decrypt. However openssl only stores some 'file magic' (EG "Salted__" at the start of the file), and the random "salt" that was used, with the encrypted file. It leaves it up to you to remember everything else!
Aespipe is a old program that got around this by saving some of this information as a extra header to the encrypted data, but it is now becomming dated, and its format does not allow for the new options, or for easy expansion.
As a alternative I have been creating a new script "keepout" as a wrapper around "openssl enc" to save those extra options that is needed to remember how to decrypt that specific file, even as newer options, cyphers, or larger iterations are used when encrypting. Basically it saves the openssl option needed with the data.
https://antofthy.gitlab.io/software/#keepout