Why is AES encrypted cipher of the same string with the same key always different?

Question

I have a file called plain.txt. Inside the file I have:

Hello Hello Hello Hello

I am using this command to encrypt it:

openssl          


        

Answer 1

The reason is that the actual key which is used for encryption is driven from your passphrase and the SALT. Then definitely the ciphertext will be different even if you still use the same password because the SALT is different.

Openssl uses salt by default to mitigate dictionary attacks. If you don't want to use it then use same salt as suggested by other answers, or add nosalt option as follow:

openssl enc -aes-128-cbc -nosalt -k "Hello" -in plain.txt -out encrypted.bin

You can see the ciphertext in hex using xxd

xxd encrypted.bin

Answer 2

You get different outputs on each run because new salt is generated each time you run the command. In order to provide the same salt for each consecutive run use -S salt option, i.e.

openssl enc -aes-128-cbc -salt -S "Salt" -k "Hello" -in plain.txt -out encrypted.bin

Answer 3

Because the "salt" varies each time. This prevents, for example, rainbow table type attacks on the encrypted values. See http://en.wikipedia.org/wiki/Salt_(cryptography)

Answer 4

The reason you are getting different encrypted string is " enc -aes-128-cbc". CBC stands for Cipher Block Chaining. So, for 2nd block, the encrypted output of first block acts ac IV, so each time you get different string. for more details google "AES in CBC mode"