What's new

Diversion Error message during curl send of stats...

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

dev_null

Senior Member
This may/may not be Diversion-only, but I updated my AC66U_B1 to the 386.1B1 yesterday. I did not get my diversion stats overnight so I checked the log and during curl send of the weekly stats I'm gettting an error 'WARNING : deprecated key derivation used. Using -iter or -pbkdf2 would be better'.

I checked for updates to entware and force-updated Diversion, checked my credentials, etc. There is only one report of this message on the forum, and it was for yazfi. This doesn't appear to affect other add-ons (or even the performance of Diversion).

I re-entered my email credentials and this error also appears when I pick the option to change my PW. It seems to be a OpenSSL issue. Anyone else seeing this?

EDIT: This was a dirty flash from 384.19. If there is no obvious fix then I will do a reset as next step.
 
Last edited:
Thanks for reporting. This error comes with the newer openssl version 1.1.1h that ships with this beta Asuswrt-Merlin firmware.
Unfortunately, the new openssl binary will not decrypt the existing email password correctly even if the error message is suppressed.

I'm looking into how to handle that. Stay tuned for an update.
 
... the new openssl binary will not decrypt the existing email password correctly even if the error message is suppressed...
FWIW, I re-entered the PW and it *does* run successfully even though it complains at the time of the PW set. Just re-ran from the cli to confirm it still works following the PW re-set.

The log is below.
/opt/share/diversion/log/stats.div.log has this content:

START FILE, --- lines are not part of file
---------------------------------------------------
Mon, 07 Dec 2020 15:56:59 -0500
compiling stats
start Diversion Statistics, updating Ad-Blocking stats
creating filtering lists
begin of stats computing
assembling "The top 10 noisiest name clients"
assembling "Top 10 domains for top 10 clients"
client stats compiled, preserving client lists for next run
stats compiling complete, using these parameters: email attachment delete
sending email with stats as/in: attachment
curl output follows:

*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 15934 0 0 100 15934 0 5678 0:00:02 0:00:02 --:--:-- 5985

compiled router stats, sent to email
deleted stats file
stats successfully compiled
end of stats.div.log
---------------------------------------------------
END FILE
 
I saw the same problem and the same solution. Scripts generate the same warning message about a deprecated key derivation. In my case this was a gmail app password. I re-entered it through diversion and it then worked. My other scripts that use the same email.conf also started working with the same warning.

I added the additional switch "-pbkdf2" to lines 1729, 1778 and 1842 of functions.div, reentered the password and the warnings went away. I made the same change to my email script and those warnings went away too.

The default number of iterations used by pbkdf2 is 10,000. I have seen mention of increasing this to 100,000, so I changed the same lines to include "-iter 100000" and that worked fine with no noticeable performance change.
 
Last edited:
I saw the same problem and the same solution. Scripts generate the same warning message about a deprecated key derivation. In my case this was a gmail app password. I re-entered it through diversion and it then worked. My other scripts that use the same email.conf also started working with the same warning.

I added the additional switch "-pbkdf2" to lines 1729, 1778 and 1842 of functions.div, reentered the password and the warnings went away. I made the same change to my email script and those warnings went away too.

The default number of iterations used by pbkdf2 is 10,000. I have seen mention of increasing this to 100,000, so I changed the same lines to include "-iter 100000" and that worked fine with no noticeable performance change.
I only added the OpenSSL -pbkdf2 switch in my development code. Since this is not strictly about strong encryption of the password in Diversion but merely a function I added so that passwords can contain any character users come up with - without an escape hell to make it work in shell scripts.

Be prepared to enter your password again whenever the next Diversion update comes out to make it work since you added "-iter 100000".
My code is as follows for OpenSSL 1.1.1x routers:
Code:
/usr/sbin/openssl aes-256-cbc -pbkdf2
Note that all email functions also will have to decrypt the password with the same switches, so make sure your backups and stats are indeed sent to you with your changes.
The following files contain this code: backup.div, functions.div, stats.div, update.div and update-notification. They may or may not be present, depending on communication settings set in c.
Note that the file update-notification is located at /jffs/scripts.
 
Last edited:
Be prepared to enter your password again whenever the next Diversion update comes out to make it work since you added "-iter 100000".
I'm going to change it back. I can foresee needing to make the change in all the files on a future update and not having the foggiest remembrance.
 
I can foresee needing to make the change in all the files on a future update and not having the foggiest remembrance.
That appears to be a good choice, the change, not the foggy memory ;)
 
Great sleuthing gents!

And what I got out of it most was " whenever the next Diversion update comes out ".

I can hardly wait for 'whenever'!
 
Great sleuthing gents!

And what I got out of it most was " whenever the next Diversion update comes out ".

I can hardly wait for 'whenever'!
Whenever is when I either give up on adding more features or when I'm finally satisfied with the result. Whichever comes first :D
 
Having the pleasure of knowing you and your work for so many years now, I am confident that any user will be satisfied with whatever is available to be offered, now, even if it is an Alpha 0.0001 build in your eyes (and, which I know you wouldn't release in a million years). :)

Now, this Christmas eve, all I'll be dreaming about will be the tasty treats coming down the lane called amtm, Diversion, and who knows what else!

Thank you @thelonelycoder! Wishing you all the best this holiday season.
 
Now, this Christmas eve, all I'll be dreaming about will be the tasty treats coming down the lane called amtm, Diversion, and who knows what else!
I sincerely hope that other good things are on your mind or in your dreams during this festive finale of an otherwise wasted and fckd up year for the human population on this planet :)
 
Oh yes, other things will be on my mind when I'm awake. And I'll be grateful for all I have in this crazy, upside-down year.

But the heart, not my head, controls the dreams... and I've been mistakenly believing until just a short while ago (RMerlin corrected me) that 386.1 would be bringing a new amtm and other scripts/gifts for a while now. :D
 
Thanks for reporting. This error comes with the newer openssl version 1.1.1h that ships with this beta Asuswrt-Merlin firmware.
Unfortunately, the new openssl binary will not decrypt the existing email password correctly even if the error message is suppressed.

I'm looking into how to handle that. Stay tuned for an update.
I might be wrong, but does this work for you pre-Diversion update? (and other users?)
Code:
echo "$(/usr/sbin/openssl aes-256-cbc -d -md md5 -in /opt/share/diversion/.conf/emailpw.enc -pass pass:ditbabot,isoi)"
Shameless use of stackoverflow as to why this works: https://stackoverflow.com/a/39641378
 
Last edited:

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top