Is EVP_BytesToKey() still recommended ?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Is EVP_BytesToKey() still recommended ?

pratyush parimal
Hi everyone,

I'm trying to find a way to convert a string password to an AES-256 encryption key. I came across EVP_BytesToKey(), but the man-page says at the end:

"Newer applications should use a more modern algorithm such as PBKDF2 as defined in PKCS#5v2.1 and provided by PKCS5_PBKDF2_HMAC".

Does this mean I shouldn't use EVP_BytesToKey(), and should instead find out how to use PBKDF2 ? Or do I need to find out how to get EVP_BytesToKey() to use PBKDF2?

Any clarifications will be appreciated!
-Pratyush.

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Is EVP_BytesToKey() still recommended ?

Matt Caswell-2


On 26/02/18 01:15, pratyush parimal wrote:

> Hi everyone,
>
> I'm trying to find a way to convert a string password to an AES-256
> encryption key. I came across EVP_BytesToKey(), but the man-page says at
> the end:
>
> "Newer applications should use a more modern algorithm such as PBKDF2 as
> defined in PKCS#5v2.1 and provided by PKCS5_PBKDF2_HMAC".
>
> Does this mean I shouldn't use EVP_BytesToKey(), and should instead find
> out how to use PBKDF2 ? Or do I need to find out how to
> get EVP_BytesToKey() to use PBKDF2?

Don't use EVP_BytesToKey().

Details on the PKCS5_PBKDF2_HMAC function are here:

https://www.openssl.org/docs/man1.1.0/crypto/PKCS5_PBKDF2_HMAC.html


Matt
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users