All geek questions in one place

Are salting values ​​an important practice using Rijndael or AES?

I implemented the encryption function using the Rijndael / AES encryption provider in .NET. My “understanding” of the algorithm suggests that until the key and IV are compromised, the data will be safe. However, I read on some sites where salt passwords are the most important. The confusion for me comes where it seems that a tanning bed is only necessary using hash-based encryption. What is the best practice when using Rijndael or AES, and what should be the salinity value (clear text, Key, IV)?

+4
source share
5 answers

If you encrypt different data sets with the same key and the same IV, the same clear text always leads to the same encrypted text. If several users have the same password, they will also have the same encrypted password, and it will be obvious from the encrypted data that their passwords are the same.

If you add salt to clear text before each encryption, the same password will lead to different encrypted lines, because (usually) different salts are used in each case.

So, if you use the same key and IV for all password encryption, the scenario is the same as using hash functions, and using salts has the same advantages. If you use different keys or IV for each encryption, the same passwords lead to different encrypted text, and you do not have these problems. In this case, salting does not improve anything.

+5
source

Salt only makes sense for hashes; It prevents the use of pre-computed dictionaries.

It makes no sense to use salt for encryption.

+3
source

IV - salt. It is completely safe to add IV to the encrypted text when sending encrypted text over the network or saving the encrypted text to disk. Make sure that IV is generated by a cryptographically strong pseudo random number generator for each message.

In strong cryptography, the only key is the secret. IV is not a secret and is not ciphertext.

However, if you use the same IV with the same key for multiple encryption ("session IV"), then you must protect IV as well as protect the key.

+3
source

If the key is obtained from the password, the key derivation algorithm must contain salt. Basic algorithms (such as PBKDF2 ) do.

For the encryption part, the established modes of operation all include IV, which, in a sense, is itself similar to salt. There is no need to further randomize data before encryption.

+2
source

IV is safe for public knowledge, and usually you want to create a new one for each encryption operation. If you used the same one every time, then you will generate the same encrypted text for the same encrypted values. This is a several way to encrypt WEP. (Http://en.wikipedia.org/wiki/Initialization_vector)

Hashing the value that you are going to encrypt is not enough for you. IV already introduces a randomization factor into the ciphertext, and you do not want to parse the salt from the decrypted value.

As mentioned in SLaks, salting is useful only for the hash. To do this, it is useful to use a hash that you are going to compare with another hash to see if the value placed in the hash function at the same time is the same value. Salt prevents dictionary attacks (like Rainbow tables), where people went through and pre-calculated hash values ​​for multiple inputs. Salt means that a calculation table must be generated for each salt value.

You can do more with salt, but this is one example.

+1
source

Source: https://habr.com/ru/post/1334240/

More articles:


All Articles