# OpenSSL PBKDF2 Default Iterations

by Emile `iMil' Heitor - 2020-07-22

I’m digging into OpenSSL for quite a while to find a decent encryption method to double the security of some critical GnuPG already encrypted files.

The one I came up with that seemed to satisfy my confidentiality requirements is as follows:

```
aes () {
openssl enc -aes-256-cbc -in $1 -out ${1}.aes -a -pbkdf2
}
```

Now, a friend of mine, whose crypto is a field of expertise, told me that the `CBC`

mode was unsecure because of possible attacks, and that I should use `GCM`

.

While searching on the subject, I also read this interesting thread which also rose the `CBC`

vs `GCM`

question, finally stating that the latter is not a *silver bullet* and that `CBC`

used with `HMAC`

would be a reasonable choice. Which suits me well as I actually use the `-pbkdf2`

parameter which seems to do just that.

Now on the subject, I read pretty much on every related post that the number of *iterations* done by the `pbkdf2`

function was critical, and could make a password discovery time much higher, and OpenSSL’s help says:

```
-pbkdf2
Use PBKDF2 algorithm with default iteration count unless otherwise specified.
```

But not a world about this *default iteration count*.

I spent a ridiculous amount of time searching over the web and asking here and there only to read wrong answers. I finally *RTFS*, and found the answer in OpenSSL’s source code:

```
case OPT_ITER:
if (!opt_int(opt_arg(), &iter))
goto opthelp;
pbkdf2 = 1;
break;
case OPT_PBKDF2:
pbkdf2 = 1;
if (iter == 0) /* do not overwrite a chosen value */
iter = 10000;
break;
```

So here we have it, `openssl`

’s default `pbkdf2`

iterations value is `10000`

. You’re welcome.