5

Also, where do I store my salt (can I just store it at the beginning of the encrypted file)?

winterfell

1 Answer

11

I suppose that what you are trying to do is password-based encryption of some data; you use PBKDF2 to derive the password into an encryption key, and then use the key with AES to encrypt the data. The AES encryption needs an IV, and the PBKDF2 function needs a salt. Both IV and salt should be generated anew for each encryption (even if reusing the same password).

Generically, the salt and the IV can be just encoded in a header for the encrypted file. They are not secret values.

Your question is then: can you use the same value for both the salt and the IV (presumably to save space)? I do not recommend it. I would be surprised if it really induced a security issue, but who can be sure? It looks a bit funky, and that's bad enough to avoid it. What you can do, instead, is to store the salt in the file header, and use PBKDF2 to generate both the key and the IV. Thus, the IV need not be stored anywhere. PBKDF2 is a key derivation function which can produce an output of arbitrary length.

Generating the key and the IV from the same source is what is done in OpenSSL (in its private symmetric encryption format), and also in SSL/TLS (up to TLS 1.0).

I hope that your AES-based encryption mechanism uses a mode with integrated integrity checks, like EAX. Integrity is not an option; it is often overlooked, but it is necessary for security.

Thomas Pornin
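The layout the answer describes, as an added Node.js example that is not part of the original answer: the salt sits in a public file header, one PBKDF2 call produces both the key and the IV, and an authenticated mode provides integrity. Assumptions: the `PBE1` magic, the header layout, the iteration counts and all function names are hypothetical, and AES-256-GCM stands in for EAX because Node's built-in `crypto` module does not offer EAX.

```javascript
const crypto = require('crypto');

// Assumed layout: magic(4) | iterations(u32 BE) | salt(16) | ciphertext | tag(16)
const MAGIC = Buffer.from('PBE1');            // hypothetical format tag
const SALT_LEN = 16, KEY_LEN = 32, IV_LEN = 12, TAG_LEN = 16;
const HEADER_LEN = MAGIC.length + 4 + SALT_LEN;
const DEFAULT_ITERATIONS = 210000;            // assumed work factor, tune per deployment
const MAX_ITERATIONS = 5000000;               // refuse absurd counts from untrusted headers

// One PBKDF2 call yields key || IV. SHA-512 gives 64 bytes per block, so the
// 44 bytes needed here cost a single pass.
function deriveKeyAndIv(password, salt, iterations) {
  const okm = crypto.pbkdf2Sync(password, salt, iterations, KEY_LEN + IV_LEN, 'sha512');
  return { key: okm.subarray(0, KEY_LEN), iv: okm.subarray(KEY_LEN) };
}

function encrypt(password, plaintext, iterations = DEFAULT_ITERATIONS) {
  const salt = crypto.randomBytes(SALT_LEN);  // fresh salt for every encryption
  const header = Buffer.alloc(HEADER_LEN);
  MAGIC.copy(header, 0);
  header.writeUInt32BE(iterations, MAGIC.length);
  salt.copy(header, MAGIC.length + 4);
  const { key, iv } = deriveKeyAndIv(password, salt, iterations);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(header);                      // header is public but authenticated
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([header, body, cipher.getAuthTag()]);
}

function decrypt(password, blob) {
  if (blob.length < HEADER_LEN + TAG_LEN || !blob.subarray(0, 4).equals(MAGIC)) {
    throw new Error('not a PBE1 file');
  }
  const header = blob.subarray(0, HEADER_LEN);
  const iterations = header.readUInt32BE(MAGIC.length);
  if (iterations < 1 || iterations > MAX_ITERATIONS) throw new Error('bad iteration count');
  const salt = header.subarray(MAGIC.length + 4);
  const { key, iv } = deriveKeyAndIv(password, salt, iterations);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAAD(header);
  decipher.setAuthTag(blob.subarray(blob.length - TAG_LEN));
  const body = blob.subarray(HEADER_LEN, blob.length - TAG_LEN);
  // final() throws if the tag does not verify (wrong password or tampering).
  return Buffer.concat([decipher.update(body), decipher.final()]);
}
```

Because the salt is random per file, the derived key and IV pair never repeats even when the password is reused, which is what makes deriving the IV acceptable here.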