Re: How to encrypt/decrypt a file

you misread what I wrote. Salt for PasswordDeriveBytes is important. Salt appended to plain text before encryption (as you done it in your sample) is redundant if IV is random. Your sample is more secure than Ivan's sample who is simply using fixed IV, and in your case random salt added to plain text before encryption compensates insecurity of fixed IV. However use of salt for that purpose is not very good solution because it implicity binds it to a fixed mode of operations - CBC, and totally fails for CTR (and some other modes of operations).
And for the hashed Passwords - salt is very important.
However the salt is misnomer. Real purpose of the salt was to modify encryption algorithm so that fast hardware cryptography will be unusable. For example DES salt is 12 bits and is used for switching bits from pairs of left and right parts of round key (48 bits). At first salt was used with crypt algorithm, that was relying on DES encryption, but after crypt was replaced with other hashed passwords, due to limitation of crypt to 8 chars (here is 7bit chars), salt continued to be used to refer to extra IV used with hashing algorithms.

-Valery.
http://www.harper.no/valery


"Mitch Gallant" <jensigner@xxxxxxxxxxxxxxxx> wrote in message news:ub%23Yy3BNGHA.2472@xxxxxxxxxxxxxxxxxxxxxxx
"Valery Pryamikov" <valery@xxxxxxxxx> wrote in message news:uV12dpBNGHA.1124@xxxxxxxxxxxxxxxxxxxxxxx

Adding a "salt" is redundant... and even harmful since it is just unnecessary goo that distructs attention from the real task - secure encryption.

So are you claiming that the salt used in the algorithm behind .NET PasswordDeriveBytes
adds NO useful entropy (or added randomness) and hence is useless?

- Mitch



.

Relevant Pages

  • Re: Hashed PWs more secure than encrypted PWs?
    ... How does MD5 work for this? ... > DES is not a public/private-key algorithm. ... > system encrypts a string of zeroes using a random salt ... The place the encryption key is stored is ...
    (comp.security.unix)
  • Re: Hashed PWs more secure than encrypted PWs?
    ... How does MD5 work for this? ... > DES is not a public/private-key algorithm. ... > system encrypts a string of zeroes using a random salt ... The place the encryption key is stored is ...
    (comp.security.unix)
  • Re: How to encrypt/decrypt a file
    ... Modified to use random IV value (and random salt). ... (and for CTR mode of operation counter IV gives much better IND-CPA security). ... get a cryptographically random salt (different for each encryption invocation) ... and the server is watching that this exact data is not stored on the server... ...
    (microsoft.public.dotnet.security)
  • Re: How to encrypt/decrypt a file
    ... However random IV (in addition to password's salt) is better and more secure solution anyway. ... (and for CTR mode of operation counter IV gives much better IND-CPA security). ... get a cryptographically random salt (different for each encryption invocation) ... even so your customer's requirement looks quite strange - the server is processing the data and the server is watching that this exact data is not stored on the server... ...
    (microsoft.public.dotnet.security)
  • Re: How to encrypt/decrypt a file
    ... Mitch's sample doesn't use have salt that I was talking about, but a password salt is not redundand... ... get a cryptographically random salt (different for each encryption invocation) ... The question is, from a security perspective, should the IV also be derived from a RNGCryptoServiceProvider ... even so your customer's requirement looks quite strange - the server is processing the data and the server is watching that this exact data is not stored on the server... ...
    (microsoft.public.dotnet.security)
Loading