javascript angularjs cryptography cryptojs

Why does this ciphertext always start with the same characters?


I started toying with CryptoJS, and I noticed something strange: the ciphertext always starts with the same string of characters. Here is the code to perform the encryption (I know Math.random isn't cryptographically secure; this was just something quick and dirty).

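function Controller($scope) {
    $scope.Text = "";
    $scope.CipherText = "";
    // Quick-and-dirty key: Math.random is not a CSPRNG.
    $scope.Key = Math.random().toString();

    $scope.Encrypt = function ($event) {
        // Key is a string, so CryptoJS treats it as a passphrase and derives
        // the AES key and IV from it together with a fresh random salt.
        // toString() gives the base64 form of the serialized result.
        $scope.CipherText = CryptoJS.AES.encrypt($scope.Text, $scope.Key).toString();
    }
}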

With the HTML:

<div ng-controller="Controller">
    <div>Your key is: "{{Key}}".</div>
    <div>
        <textarea ng-change="Encrypt()" ng-model="Text" maxlength="140">{{Text}}</textarea>
        <br />
        <span>{{Text.length}} of 140</span>
    </div>
    <div>
        <textarea ng-model="CipherText" maxlength="216">{{CipherText}}</textarea>
        <br />
        <span>{{CipherText.length}} of 216</span>
    </div>
</div>

After a few runs, I noticed that the base64 ciphertext always started with the same few characters. For the key 0.5640227501280606:

a: U2FsdGVkX19kMKXVbnJHKbEkrwctAm2YbOTnPmtGRCg=
b: U2FsdGVkX18+0sG2DQzVgHwxH2cvrSqaDIxOOkUt5YU=
c: U2FsdGVkX19xGQdT6OUhbyyg1zfgqpGnWvF5Ibqkuqc=

I've tried this with different keys, and different length plaintexts. The ciphertext always begins with U2FsdGVkX1. What's going on here? Is CryptoJS storing some internal information here? Or is this normal for AES under certain circumstances?


Solution

  • Decoding the strings, it seems U2FsdGVkX19 decodes to Salted_ (FIDDLE), so it's just a string added by CryptoJS as a salt.
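
The envelope the answer points at, as an added example (not part of the original post or of CryptoJS itself): when CryptoJS.AES.encrypt is given a passphrase string, it serializes the result in OpenSSL's salted format, which is the 8 ASCII bytes `Salted__`, then an 8-byte random salt, then the AES ciphertext. The parser below splits the three ciphertexts from the question into those parts; `parseSalted`, `fixedBase64Prefix` and `report` are names chosen here.

```javascript
// Added example: split CryptoJS passphrase-mode output into its parts.
const MAGIC = 'Salted__'; // 8 ASCII bytes written in front of the salt

// Ciphertexts copied from the question (plaintexts "a", "b", "c").
const SAMPLES = [
  'U2FsdGVkX19kMKXVbnJHKbEkrwctAm2YbOTnPmtGRCg=',
  'U2FsdGVkX18+0sG2DQzVgHwxH2cvrSqaDIxOOkUt5YU=',
  'U2FsdGVkX19xGQdT6OUhbyyg1zfgqpGnWvF5Ibqkuqc=',
];

const toHex = (bytes) =>
  Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');

// Returns { salt, body } as Uint8Arrays, or null when the input does not
// carry the magic header (e.g. output produced with a raw key and IV).
function parseSalted(b64) {
  const raw = Uint8Array.from(atob(b64), (ch) => ch.charCodeAt(0));
  if (raw.length < 16) return null; // too short for magic + salt
  const magic = String.fromCharCode(...raw.subarray(0, 8));
  if (magic !== MAGIC) return null;
  return { salt: raw.subarray(8, 16), body: raw.subarray(16) };
}

// Base64 characters that are identical for every input starting with
// `prefix`: only the whole 6-bit groups covered by the prefix are fixed.
// The next character mixes header bits with the first salt bits.
function fixedBase64Prefix(prefix) {
  const fullChars = Math.floor((prefix.length * 8) / 6);
  return btoa(prefix).slice(0, fullChars);
}

// One row per sample: the per-message salt and the number of AES blocks.
function report(samples) {
  return samples.map((s) => {
    const p = parseSalted(s);
    return p ? { salt: toHex(p.salt), blocks: p.body.length / 16 } : null;
  });
}

console.log('constant prefix:', fixedBase64Prefix(MAGIC));
console.table(report(SAMPLES));
```

The shared prefix identifies the serialization format only; the salt after it changes on every call, which is why the rest of each string differs even under the same key.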