Salted Key Generation Algorithm

A tutorial example is provided to confirm the Salted Key generation algorithm used by the OpenSSL 'enc -bf-ecb' command. The algorithm applies the MD5 hash function repeatedly to the given passphrase and the given salt to populate the secret key and the IV.

In the previous tutorial, we confirmed that the OpenSSL "enc -bf-ecb" command will derive a secret key and an IV, if you specify a passphrase and a salt. But OpenSSL does not tell us which algorithm is used to derive the secret key and the IV.

By reading the documentation of other cryptography tools, I am guessing that OpenSSL is using the following Salted Key generation algorithm to generate the secret key and IV:

Input: 
   Passphrase: The passphrase of any size
   Salt: The salt of 8 bytes

Output:
   Key: The secret key of 16 bytes (128 bits)
   IV: The IV of 8 bytes (64 bits)
   
Algorithm - Salted Key Generation:
   Buffer = empty            : Open a buffer to collect hashes

   Raw = Passphrase . Salt   : Initialize a raw byte array
   Hash = MD5(Raw)           : Generate MD5 hash of 16 bytes
   Buffer = Buffer . Hash    : Append to the buffer, now 16 bytes
   
   Raw = Hash . Passphrase . Salt 
                             : Prepend the previous hash
   Hash = MD5(Raw)           : Generate MD5 hash of 16 bytes
   Buffer = Buffer . Hash    : Append to the buffer, now 32 bytes
   
   (Key, IV) = Buffer        : Split buffer: first 16 bytes become the
                               secret key, next 8 bytes become the IV

We can actually use the OpenSSL "dgst -md5" command to simulate this algorithm. If the simulation result matches the secret key and IV we see from the "enc -bf-ecb" command, we know that OpenSSL is using the above algorithm.

C:\herong>del buffer.txt

C:\herong>del raw.txt
C:\herong>perl -e "print 'MySecret'" >> raw.txt
C:\herong> \
   perl -e "binmode(STDOUT); print pack('H*', '0000000000000000')" \
   >> raw.txt

C:\herong>\local\gnuwin32\bin\openssl dgst -md5 -binary \
   -out hash.txt raw.txt

C:\herong>perl -e "while (read(STDIN,$_,1)){print $_;}" < hash.txt \
   >> buffer.txt

C:\herong>copy hash.txt raw.txt
C:\herong>perl -e "print 'MySecret'" >> raw.txt
C:\herong> \
   perl -e "binmode(STDOUT); print pack('H*', '0000000000000000')" \
   >> raw.txt

C:\herong>\local\gnuwin32\bin\openssl dgst -md5 -binary \
   -out hash.txt raw.txt

C:\herong>perl -e "while (read(STDIN,$_,1)){print $_;}" < hash.txt \
   >> buffer.txt

C:\herong>perl -e "while (read(STDIN,$_,1)){print unpack('H*',$_);}" \
   < buffer.txt
   
0b90d83d1a281a744f4f340911d8e0a6 6ff60fcd91d7f34e 4f54a143b17934a9
--------------------------------|----------------|----------------
          Secret Key                    IV            not used

Now compare the secret key and the IV with those derived from the OpenSSL "enc -bf-ecb" command:

C:\herong>C:\local\gnuwin32\bin\openssl enc -bf-ecb -e \
   -pass pass:MySecret -S 0000000000000000 -in 0000000000000000.txt \
   -out cipher.txt -nopad -p 
   
salt=0000000000000000
key=0B90D83D1A281A744F4F340911D8E0A6
iv =6FF60FCD91D7F34E

Cool, we have a perfect match! The Salted Key generation algorithm described above is confirmed to be the algorithm used by the OpenSSL "enc -bf-ecb" command.
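The same derivation can be written as one short function. This is an added example, not code from the original tutorial; the function name salted_key_md5 is an assumption, and the loop generalizes the two rounds shown above to any key and IV length.

```python
import hashlib


def salted_key_md5(passphrase: bytes, salt: bytes,
                   key_len: int = 16, iv_len: int = 8):
    """Derive (key, iv, unused) by chaining MD5 over hash . passphrase . salt.

    Hypothetical helper written for this page. Defaults match the
    tutorial: 16-byte Blowfish key and 8-byte IV.
    """
    if len(salt) != 8:
        raise ValueError("salt must be exactly 8 bytes")

    buffer = b""
    prev = b""  # previous hash; empty in the first round
    while len(buffer) < key_len + iv_len:
        # Raw = Hash . Passphrase . Salt, then Hash = MD5(Raw)
        prev = hashlib.md5(prev + passphrase + salt).digest()
        buffer += prev

    key = buffer[:key_len]
    iv = buffer[key_len:key_len + iv_len]
    unused = buffer[key_len + iv_len:]  # leftover hash bytes, discarded
    return key, iv, unused


if __name__ == "__main__":
    # Inputs taken from the tutorial: passphrase 'MySecret', all-zero salt
    key, iv, unused = salted_key_md5(b"MySecret",
                                     bytes.fromhex("0000000000000000"))
    print("key=" + key.hex().upper())
    print("iv =" + iv.hex().upper())
    print("not used: " + unused.hex())
```

This construction is what OpenSSL exposes as EVP_BytesToKey with an iteration count of 1; OpenSSL 1.1.0 and later default the "enc" digest to SHA-256, so reproducing the values above on a current build requires "-md md5". One MD5 call per 16 output bytes gives little resistance to passphrase guessing, which is why "enc" has offered the "-pbkdf2" option since OpenSSL 1.1.1.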
