OpenSSL hash function for generating AES key

What hash function does OpenSSL use to generate a key for AES-256? I can't find it anywhere in their documentation.

$ touch file
$ openssl aes-256-cbc -nosalt -P -in file

enter aes-256-cbc encryption password: (I type "a" and hit enter)
Verifying - enter aes-256-cbc encryption password: (I type "a" and hit enter)

key=0CC175B9C0F1B6A831C399E269772661CEC520EA51EA0A47E87295FA3245A605
iv =4FA92C5873672E20FB163A0BCB2BB4A4

Which hash algorithm generates the unsalted hash after key= on the second last line, for the input "a"?

Solution 1:

Fairly sure it's an SHA1 digest algorithm but in all honesty I can't say with 100% certainty.

And who would have thought that something designed to increase obtuseness would have obtuse instructions ;)

EDIT: This may not be helpful in your circumstances but I guess you could always know by doing

openssl enc -d -a -md sha1 -aes-256-cbc -nosalt -p

Solution 2:

It's a concatenation of two MD5 hashes.

It's derived like this:

128bit_Key = MD5(Passphrase + Salt)
256bit_Key = 128bit_Key + MD5(128bit_Key + Passphrase + Salt)

You can check this by doing:

$ echo Testing > file
$ openssl enc -aes-256-cbc -p -in file -out file.aes -salt
: enter aes-256-cbc encryption password: abc
: Verifying - enter aes-256-cbc encryption password: abc
: salt=3025373CA0530C93
: key=E165475C6D8B9DD0B696EE2A37D7176DFDF4D7B510406648E70BAE8E80493E5E
: iv =B030394C16C76C7A94DC22FDDB6B0744
$ perl -e 'print pack "H*", "3025373CA0530C93"' > salt
$ echo -n abc > passphrase
$ cat passphrase > key.128.tmp
$ cat salt >> key.128.tmp
$ md5sum key.128.tmp 
: e165475c6d8b9dd0b696ee2a37d7176d  key.128.tmp
$ perl -e 'print pack "H*", "e165475c6d8b9dd0b696ee2a37d7176d"' > key.128
$ cat key.128 > key.256.tmp
$ cat passphrase >> key.256.tmp
$ cat salt >> key.256.tmp
$ md5sum key.256.tmp 
: fdf4d7b510406648e70bae8e80493e5e  key.256.tmp

Notice how both MD5's of 'key.128.tmp' and 'key.256.tmp' concatenated together form the same key as output at the initial command.

Solution 3:

OpenSSL uses AES with SHA1.

If you wish to examine better-written source than OpenSSL, have a look at the article
C++ class that interfaces to OpenSSL ciphers.

The article includes very simple source code that :

allows you to encrypt and decrypt files or strings using the OpenSSL AES-256-CBC cipher and SHA1 digest algorithms. It is interoperable with the openssl command line tool which makes it a good introduction to using OpenSSL for ciphers.

Will a EXT4 Samba Share be readable by Windows/Mac OS X users?

Why does Windows 8 open Bing.com by itself?

Resize Bluestack Screen on Mac OS X

Is using a laptop SATA hard drive in a desktop risky?

Will 8GB RAM stick work if my motherboard has limit of 16GB (for 4 slots)?

CentOS 6.5 - bash: service: command not found

How to get first line of output from command line?

Example of non-discrete space that admits an infinite open cover formed by pairwise disjoint open spaces [closed]

Every Ring is Isomorphic to a Subring of an Endomorphism Ring of an Abelian Group

$f(x) = (2x-1)/x^2$: proof of continuity using the epsilon-delta definition [closed]

Ensure weak connectivity in all k-out k-regular graphs depending on the number of vertices

how many control points are needed if n+1 data points are interpolated by p degree(or p+1 order) B-Spline?