
I'm new to the crypto world and I've just discovered PBKDF (I used to use the typed password as the symmetric key).

When using some crypto mode, you're required to generate an IV which must be completely random and not predictable, the best length is the length of a block size. PBKDF (and hashing functions in general) needs a salt which must also be random, I don't know the best length for a salt.

I'm thinking that an IV and a salt seem to be exactly the same thing but with a different name: they're random and are made to avoid getting the same output for the same input(s).

So I wonder if it would be secure to generate an IV, derive the password with this IV as salt, and use these to encrypt data?

Max13

1 Answer


No.

A salt for a PBKDF is there to prevent a brute-force search from being able to target multiple passwords at once. You generally choose one salt per password per user, and store it. So you do not keep generating salts, only when the password is set/changed.

The role of an IV depends strongly on the mode. In some modes it is only required for semantic encryption (the same message encrypted twice is still different). For other modes such as CTR it's absolutely required for security. In general the IV should change for every message, which is the most important difference.
Note that "generate an IV which must be completely random and not predictable" is not always true. For example the IV, or nonce, for the ChaCha cipher does not need to be random nor predictable - just always different.

orlp
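The division of roles the answer describes, as an added example that is not part of the original post or answer: the salt is chosen once when the password is set and stored with the user record, PBKDF2 turns password plus stored salt into the same key every time, and a fresh nonce is generated for every message and stored next to the ciphertext. The counter-mode keystream below is built from HMAC-SHA256 so the example runs on the Python standard library alone; it is a stand-in for a real stream cipher such as AES-CTR or ChaCha20 and shares their nonce-reuse failure mode, which `encrypt_with_nonce` and `xor_bytes` are there to show. The iteration count and length constants are illustrative assumptions, not recommendations from the page.

```python
import hashlib
import hmac
import os
import struct

# Assumed, illustrative parameters (not from the original post).
PBKDF2_ITERATIONS = 100_000  # tune upward for real deployments
SALT_LEN = 16                # 128-bit salt: chosen ONCE per user, stored with the user
NONCE_LEN = 12               # 96-bit nonce: chosen FRESH for every message
KEY_LEN = 32                 # 256-bit derived key


def new_salt() -> bytes:
    """Called only when a password is set or changed; the result is stored, not regenerated."""
    return os.urandom(SALT_LEN)


def derive_key(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256: same password + same stored salt -> same key, every time."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               PBKDF2_ITERATIONS, dklen=KEY_LEN)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter mode built on HMAC-SHA256 as the PRF. Stand-in for AES-CTR / ChaCha20:
    # the keystream depends only on (key, nonce, counter), so reusing a nonce under
    # the same key reproduces the same keystream, exactly as in those ciphers.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_with_nonce(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Ciphertext layout: nonce || plaintext XOR keystream. The nonce travels in the clear."""
    if len(nonce) != NONCE_LEN:
        raise ValueError("nonce must be %d bytes" % NONCE_LEN)
    return nonce + xor_bytes(plaintext, _keystream(key, nonce, len(plaintext)))


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Correct usage: a new random nonce per message, same key across messages."""
    return encrypt_with_nonce(key, os.urandom(NONCE_LEN), plaintext)


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return xor_bytes(ct, _keystream(key, nonce, len(ct)))


def nonce_reuse_leak(key: bytes, nonce: bytes, p1: bytes, p2: bytes) -> bytes:
    """Why the nonce must change per message: with one key and one nonce, the two
    ciphertexts XOR to the XOR of the plaintexts, so the key stream cancels out."""
    c1 = encrypt_with_nonce(key, nonce, p1)[NONCE_LEN:]
    c2 = encrypt_with_nonce(key, nonce, p2)[NONCE_LEN:]
    return xor_bytes(c1, c2)


if __name__ == "__main__":
    # Constructed sample data.
    salt = new_salt()                      # stored in the user record once
    key = derive_key("correct horse battery staple", salt)
    msg = b"attack at dawn"
    c1, c2 = encrypt(key, msg), encrypt(key, msg)
    print("same plaintext, different nonces ->", c1 != c2)
    print("round trip ok ->", decrypt(key, c1) == msg)
    leak = nonce_reuse_leak(key, b"\x01" * NONCE_LEN, b"hello world!", b"HELLO WORLD!")
    print("nonce reuse leaks p1 XOR p2 ->", leak == xor_bytes(b"hello world!", b"HELLO WORLD!"))
```

Two practical notes on the design: the salt does not need to be secret, only stored and unique per user, so it sits in the user record the way the answer says; and a stream construction like this one provides no integrity, so a deployed system would wrap it in an AEAD (AES-GCM, ChaCha20-Poly1305) rather than bare CTR mode.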