Why does this ciphertext always start with the same characters?

Question

I started toying with CryptoJS, and I noticed something strange: the ciphertext always starts with the same string of characters. Here is the code to perform the encryption (I know Math.random isn't cryptographically secure, this was just something quick and dirty).

function Controller($scope) {
    $scope.Text = "";
    $scope.CipherText = "";
    $scope.Key = Math.random().toString();

    $scope.Encrypt = function ($event) {
        $scope.CipherText = CryptoJS.AES.encrypt($scope.Text, $scope.Key).toString();
    }
}

With the HTML:

<div ng-controller="Controller">
    <div>Your key is: "{{Key}}".</div>
    <div>
        <textarea ng-change="Encrypt()" ng-model="Text" maxlength="140">{{Text}}</textarea>
        <br />
        <span>{{Text.length}} of 140</span>
    </div>
    <div>
        <textarea ng-model="CipherText" maxlength="216">{{CipherText}}</textarea>
        <br />
        <span>{{CipherText.length}} of 216</span>
    </div>
</div>

After a few runs, I noticed that the base64 ciphertext always started with the same few characters. For the key 0.5640227501280606:

a: U2FsdGVkX19kMKXVbnJHKbEkrwctAm2YbOTnPmtGRCg=
b: U2FsdGVkX18+0sG2DQzVgHwxH2cvrSqaDIxOOkUt5YU=
c: U2FsdGVkX19xGQdT6OUhbyyg1zfgqpGnWvF5Ibqkuqc=

I've tried this with different keys, and different length plaintexts. The ciphertext always begins with U2FsdGVkX1. What's going on here? Is CryptoJS storing some internal information here? Or is this normal for AES under certain circumstances?

Answer 1

Decoding the strings, it seems

U2FsdGVkX19

decodes to

Salted_

FIDDLE

so it's just a string added by CryptoJS as a salt

Answer 2

The initial String added to the ciphertext is "Salted__" (without the quotes, two underscores at the end), indicating that the next eight bytes are the salt value, followed by the ciphertext.

This is likely to keep binary compatibility with OpenSSL which does the same if a password is used instead of a key. The key is then derived using EVP_BytesToKey function`. This is a proprietary protocol of OpenSSL, it is not a standardized method of adding a salt or deriving a key from a password.