12

Using CryptoJS 3.1, I noticed that when using 3DES, the encrypted message always starts with

U2FsdGVkX1

Why is the first part of the encryption always the same?

What information does this hold and how does that information become U2FsdGVkX1?

Mike Edward Moras
Thomas

1 Answer

13

The answer is:

Why do the encrypted files always start with "Salted__" ("U2FsdGVkX1" in base64)? Isn't giving away information like this insecure?

The encrypted files must always start with "Salted__" to interoperate with OpenSSL. OpenSSL expects this. The 8 bytes that spell "Salted__" are always immediately followed by another random 8 bytes of salt. The encrypted stream starts at the 17th byte. This way, even if you use the same password to encrypt 2 different files, the actual secret keys used to encrypt these 2 files are very different.

It is possible to omit the salt, but this is highly discouraged.

source: http://juliusdavies.ca/commons-ssl/pbe.html

woliveirajr
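The layout described in the answer above, as an added example that is not part of the original post or CryptoJS's own code: it builds and parses the `Salted__` + 8-byte salt + ciphertext container and shows where the base64 prefix comes from. The function names and the sample salt and ciphertext bytes are constructed for illustration.

```javascript
// Added example: function names and sample bytes are constructed for illustration.
const MAGIC = Buffer.from('Salted__', 'ascii'); // 8-byte header OpenSSL expects

// Assemble header + 8-byte salt + ciphertext and base64-encode the result.
function buildOpenSslSalted(salt, ciphertext) {
  if (salt.length !== 8) throw new Error('salt must be exactly 8 bytes');
  return Buffer.concat([MAGIC, salt, ciphertext]).toString('base64');
}

// Split a base64 message back into its salt and ciphertext.
function parseOpenSslSalted(b64) {
  if (b64.length % 4 !== 0 || !/^[A-Za-z0-9+/]*={0,2}$/.test(b64)) {
    throw new Error('input is not valid base64');
  }
  const raw = Buffer.from(b64, 'base64');
  if (raw.length < 16 || !raw.subarray(0, 8).equals(MAGIC)) {
    // No header: the salt was omitted (discouraged) or this is another format.
    return { salted: false, salt: null, ciphertext: raw };
  }
  return {
    salted: true,
    salt: raw.subarray(8, 16),     // bytes 9..16, random per message
    ciphertext: raw.subarray(16),  // the encrypted stream starts at byte 17
  };
}

// Base64 maps 6 bits to one character. "Salted__" is 64 bits, so the first
// 10 characters (60 bits) are fixed: "U2FsdGVkX1". The 11th character mixes
// the last 4 header bits (1111) with the top 2 bits of the first salt byte,
// so it can only be one of "8", "9", "+", "/".
function eleventhChar(firstSaltByte) {
  const salt = Buffer.alloc(8);
  salt[0] = firstSaltByte;
  return buildOpenSslSalted(salt, Buffer.alloc(8)).charAt(10);
}

const sampleCiphertext = Buffer.from('0011223344556677', 'hex'); // constructed
for (const fill of [0x00, 0x40, 0x80, 0xff]) {
  const msg = buildOpenSslSalted(Buffer.alloc(8, fill), sampleCiphertext);
  const parsed = parseOpenSslSalted(msg);
  console.log(msg.slice(0, 10), msg[10], parsed.salt.toString('hex'));
}
```

The fixed prefix is only the public format marker; the salt that follows it is not secret either, and its job is to make the derived key differ from message to message.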