Let's consider this openssl command:

openssl enc -aes-256-cbc -pass pass:PASSWORD

Why is it important to have a good Key Derivation Function? This answer to another question suggests that GnuPG is preferable to OpenSSL because OpenSSL's KDF is weak. As far as my understanding goes, the only thing that is important to get in order to decrypt an encrypted file is the 256-bit key used by AES. Why is the way the password gets transformed into that 256-bit key so important?


1 Answer


"the only thing that is important to get in order to decrypt an encrypted file": I think this is where you go wrong in your reflection, if I can say so.

The only thing which is important is not for you to decrypt your encrypted file, but to prevent others from decrypting it by guessing your password.

Therefore, a good key derivation function will make it computationally hard and slow to derive a key from your password so relatively few different key candidates can be tested by an attacker over time. The answer you link mentions that GPG implements this by using a large number of iterations to derive the actual key from the password.

If the key derivation function does not take this precaution, then an attacker will be able to test a very high number of password candidates very quickly (the answer you link states "several dozens of millions of potential passwords per second (hundreds of millions will be achievable with a GPU)"; at this speed one can expect to cover all 8-character alphanumeric strings easily in less than an hour, so the password does not even need to be a guessable dictionary word to be crackable).

  • One other important property to note: A good KDF will also result in a key with good randomness properties. Even a slow KDF would be weak if the keys it generated were in some way predictable. – Xander Dec 31 '15 at 14:33
  • @Xander A bit pedantic, but it'd be more accurate to say that a good KDF doesn't reduce the entropy of the input key. – Steve Sether Dec 31 '15 at 19:35
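To make the answer's point concrete, here is an added example (not from the question, the answer, or the OpenSSL project) that contrasts the two kinds of derivation the thread discusses. The first function is a re-implementation of the legacy OpenSSL `EVP_BytesToKey` scheme that `openssl enc -pass pass:...` uses when no `-pbkdf2` option is given: one digest call per 16 bytes of output, so deriving the 32-byte key and 16-byte IV for AES-256-CBC costs three MD5 calls. The second uses PBKDF2-HMAC-SHA256 with a large iteration count, which is what the answer describes GnuPG doing in spirit and what newer OpenSSL releases offer via `openssl enc -pbkdf2 -iter N`. The password, salt and iteration count are constructed sample values; `seconds_per_guess` measures what one derivation costs on the machine running it, which is exactly the per-candidate cost an attacker has to pay.

```python
import hashlib
import time

# Constructed sample inputs (not from the page): a weak password and a fixed salt.
PASSWORD = b"PASSWORD"
SALT = bytes.fromhex("0001020304050607")
KEY_LEN, IV_LEN = 32, 16  # AES-256-CBC: 32-byte key, 16-byte IV


def evp_bytes_to_key(password, salt, key_len=KEY_LEN, iv_len=IV_LEN, md="md5", count=1):
    """Legacy OpenSSL EVP_BytesToKey.

    D_1 = H^count(password || salt), D_i = H^count(D_{i-1} || password || salt);
    the D_i are concatenated until key_len + iv_len bytes exist. `openssl enc`
    uses count=1, so with MD5 the whole derivation is only three digest calls.
    """
    out = b""
    prev = b""
    while len(out) < key_len + iv_len:
        d = hashlib.new(md, prev + password + salt).digest()
        for _ in range(count - 1):           # extra rounds only if count > 1
            d = hashlib.new(md, d).digest()
        out += d
        prev = d
    return out[:key_len], out[key_len:key_len + iv_len]


def pbkdf2_key(password, salt, iterations=100_000, key_len=KEY_LEN, iv_len=IV_LEN):
    """Deliberately slow KDF: PBKDF2-HMAC-SHA256 deriving key || IV in one call,
    the same shape of output that `openssl enc -pbkdf2` produces."""
    out = hashlib.pbkdf2_hmac("sha256", password, salt, iterations, key_len + iv_len)
    return out[:key_len], out[key_len:key_len + iv_len]


def seconds_per_guess(kdf, samples=5):
    """Wall-clock cost of one derivation on this machine.

    Each sample uses a different candidate password so nothing is cached; the
    result is the price an attacker pays per password guess with this KDF.
    """
    start = time.perf_counter()
    for i in range(samples):
        kdf(PASSWORD + str(i).encode(), SALT)
    return (time.perf_counter() - start) / samples


def slowdown_factor(iterations=100_000):
    """How many times more expensive one PBKDF2 guess is than one legacy guess."""
    fast = seconds_per_guess(evp_bytes_to_key)
    slow = seconds_per_guess(lambda p, s: pbkdf2_key(p, s, iterations))
    return slow / fast


if __name__ == "__main__":
    key, iv = evp_bytes_to_key(PASSWORD, SALT)
    print("legacy key:", key.hex())
    print("legacy iv: ", iv.hex())
    print("per-guess cost, legacy (s):", seconds_per_guess(evp_bytes_to_key))
    print("per-guess cost, PBKDF2 (s):", seconds_per_guess(pbkdf2_key))
    print("PBKDF2 makes each guess about %.0fx more expensive" % slowdown_factor())
```

The key the legacy scheme produces is just as valid for AES-256 as the PBKDF2 one, which is the point of the answer: the derived key is not what differs, the cost of trying each candidate password is. With the legacy scheme every guess is three MD5 calls, so the per-guess cost is dominated by the hardware's hash rate; with 100,000 PBKDF2 iterations every guess is hundreds of thousands of HMAC compressions, and the measured slowdown on a typical machine is several orders of magnitude. Both are deterministic (same password and salt give the same key), so the slow function does not cost a legitimate user anything beyond one derivation per decryption.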