CryptoJS ' CryptoJS.<BlockCipher>.encrypt has two encryption modes.
If you pass the key, which is not a string, but WordArray (the internal CryptoJS representation format for binary data), the key is accepted as is. This mode expects IV for all operating modes, except for ECB, which does not use IV, so you do not need to specify it. If there is no IV, it will be by default (through some JavaScript magic) equal to zero the filled IV (consisting of a full block of size 0x00 bytes).
If you pass the "key", which is a string, it will assume that the "key" is the password. To get the password key, it uses the derivation function compatible with OpenSSL EVP_BytesToKey . This mode generates a new 8-byte random salt and uses it together with a password to generate a key and IV. Even if you explicitly pass in IV, it will not be used.
CryptoJS.AES.encrypt(msg, password).toString()
displays Base64 encoded text containing the string "Salted__" at the beginning, followed by an 8-byte salt and the actual encrypted text. You can explicitly break this down before using with:
var ct = CryptoJS.AES.encrypt(msg, password); var saltHex = ct.salt.toString();
If you need to recreate the same conclusion. See code and specification .
The keys must have high entropy and be indistinguishable from random noise, which makes it difficult to force them. The aforementioned EVP_BytesToKey insecure since MD5 hashing is very fast, which allows an attacker to overdo the password. You need to either use a very long password (20-30 characters) or use the corresponding key derivation function, such as PBKDF2, which is provided by CryptoJS.