Encryption outdated? #77

Open
pataquets opened this issue Feb 18, 2024 · 1 comment

Comments

@pataquets

As I've gone through the process of encrypting my file, I've got the following message:

```
$ openssl enc -aes-128-cbc -md sha256 -in gauth.csv -out gauth.csv.aes
enter AES-128-CBC encryption password:
Verifying - enter AES-128-CBC encryption password:
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
```

`openssl enc -list` prints AES ciphers with longer key lengths (192 and 256), both in CBC mode. I'm on Ubuntu Jammy: `OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)`.
I've tried using both, and I always get a `Loading config: invalid block padding` error. Using `-pbkdf2` or `-iter`, as suggested in the error message, did not work either.

When looking for info about the cipher, I've also found that the information link in the docs is broken.

@creachadair
Collaborator

creachadair commented Feb 19, 2024

It looks like maybe https://www.openssl.org/docs/man3.2/man3/EVP_BytesToKey.html is the new link, though I can't easily compare whether the API changed.

Although the 128-bit cipher is deprecated, it should still work; I was able to follow the instructions in the README just now:

```
% openssl enc -aes-128-cbc -md sha256 -in ~/.config/gauth.csv  -out ~/test.csv
enter AES-128-CBC encryption password: ****
Verifying - enter AES-128-CBC encryption password: ****
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.

% mkdir xyzzy
% GOBIN=$PWD/xyzzy go install github.com/pcarrier/gauth@latest
% GAUTH_CONFIG=$HOME/test.csv ./xyzzy/gauth
Encryption password: ****
< codes redacted >
```

I would not expect the existing code to work with different ciphers or key-derivation functions; if one wanted it to support a newer algorithm, one would have to change the tool.
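
Added example, not part of the thread and not gauth's own code: a Go sketch of the legacy `openssl enc` file layout (`Salted__`, 8-byte salt, AES-CBC data) with the `EVP_BytesToKey` derivation using SHA-256 and one iteration, showing why a reader fixed to AES-128 cannot open a file written with another key length; a file written with `-pbkdf2` fails the same way because its key is derived differently. The helper names, password, salt and sample row are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"fmt"
)

// evpBytesToKey (illustrative name): D_1=H(pass||salt), D_i=H(D_{i-1}||pass||salt); key first, then IV.
func evpBytesToKey(pass, salt []byte, keyLen, ivLen int) (key, iv []byte) {
	var out, prev []byte
	for len(out) < keyLen+ivLen {
		sum := sha256.Sum256(bytes.Join([][]byte{prev, pass, salt}, nil))
		prev = sum[:]
		out = append(out, prev...)
	}
	return out[:keyLen], out[keyLen : keyLen+ivLen]
}

// seal writes "Salted__" + salt + AES-CBC(PKCS#7(plain)); keyLen must be 16, 24 or 32.
func seal(pass, salt, plain []byte, keyLen int) []byte {
	key, iv := evpBytesToKey(pass, salt, keyLen, aes.BlockSize)
	pad := aes.BlockSize - len(plain)%aes.BlockSize
	data := append(append([]byte{}, plain...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	block, _ := aes.NewCipher(key)
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(data, data)
	return append(append([]byte("Salted__"), salt...), data...)
}

// open reverses seal; a wrong key length or KDF decrypts to garbage that normally fails the padding check.
func open(pass, file []byte, keyLen int) ([]byte, error) {
	if len(file) < 32 || len(file)%aes.BlockSize != 0 || !bytes.HasPrefix(file, []byte("Salted__")) {
		return nil, fmt.Errorf("not a salted openssl enc file")
	}
	key, iv := evpBytesToKey(pass, file[8:16], keyLen, aes.BlockSize)
	data := append([]byte{}, file[16:]...)
	block, _ := aes.NewCipher(key)
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(data, data)
	pad := int(data[len(data)-1])
	if pad == 0 || pad > aes.BlockSize || !bytes.HasSuffix(data, bytes.Repeat([]byte{byte(pad)}, pad)) {
		return nil, fmt.Errorf("invalid block padding")
	}
	return data[:len(data)-pad], nil
}

func main() { // constructed inputs: a file sealed as AES-256 is read as AES-128
	fmt.Println(open([]byte("pw"), seal([]byte("pw"), []byte("constrct"), []byte("constructed sample row\n"), 32), 16))
}
```

With SHA-256, one digest round yields exactly the 16-byte key plus 16-byte IV that AES-128-CBC needs; longer keys consume the whole first digest as the key and take the IV from a second round, so both the key and the IV differ.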
