On Sat, 27 Jan 2007, Woodchuck wrote: > Disclaimer: I am not a cryptanalyst. Maybe that's all FUD and blown > smoke. > > If I recall the source code correctly, using -k, you > are already using salt -- of zero.
Checked the source code, I was wrong. In the -k case, the passphrase is passed without processing to the vnd routines. In the -K case it is passed to pkcs5_pbkdf2 for massage and hashing. Dave the Erring