On Thu, Oct 11, 2018 at 01:23:41AM +0000, Michael Wojcik wrote: > - Data recovery from an encrypted backup is tough. With CBC, one bit goes > astray and you've lost everything after that. No, a 1 bit error in CBC ciphertext breaks only the current block, and introduces a 1 bit error into the plaintext of the next block. After that, you're back in sync. But yes, indeed "openssl enc" offers little integrity protection. One should probably break the data into chunks and encrypt and MAC each chunk with the MAC covering the chunk sequence number, and whether it is the last chunk. -- Viktor. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
