From: Scott Worley <scottworley@scottworley.com>
Date: Mon, 23 Oct 2017 03:45:09 +0000 (-0700)
Subject: Don't use salt for encryption
X-Git-Url: http://git.scottworley.com/overonion/commitdiff_plain/4a5d2fe40628c9348fe018e0ee69aba6787905cf?ds=sidebyside

Don't use salt for encryption

The openssl-enc documentation says "This option SHOULD NOT be used ...".

I claim that -nosalt is safe to use in this application because:

1. The secrets being used here are full key-size + IV-size random values
   straight out of the random number generator.
2. Keys are never re-used.

-nosalt is desirable for this application because it avoids the "Salted__..."
header.  Having a "Salted__" header on every single layer of encryption
allows an attacker to get a known-plaintext-attack fingernail under each
layer, giving an opportunity to attack each layer individually.
---

diff --git a/overonion b/overonion
index 5eb26b6..e7634e2 100755
--- a/overonion
+++ b/overonion
@@ -55,7 +55,7 @@ function go() {
     operation=$(sed -n "${layer}{;s/ .*//;p;}" "$keyfile")
     if [[ "$operation" == openssl-enc ]];then
       openssl enc $openssl_decrypt "-$(sed -rn "${layer}s/[^ ]+ ([^ ]+) .*/\\1/p" "$keyfile")" \
-              -pass fd:37 37< <(sed -rn "${layer}s/^[^ ]+ [^ ]+ //p" "$keyfile")
+              -nosalt -pass fd:37 37< <(sed -rn "${layer}s/^[^ ]+ [^ ]+ //p" "$keyfile")
     elif [[ "$operation" == reverse ]];then
       reverse
     elif [[ "$operation" == openssl-dgst ]];then