SecureD Futures (v2.0)

sarn sarn at theartofmachinery.com
Mon May 28 23:02:02 UTC 2018


On Monday, 28 May 2018 at 07:52:43 UTC, Adam Wilson wrote:
> I understand that.

Sorry, not for nothing, but you obviously don't.  For starters, 
if you were familiar with the key derivation tools available 
24hrs ago, you wouldn't have come up with PBKDF2 on PBKDF2.  I 
suggest slowing down a little, and asking people on a crypto 
forum if you're still not sure.  If you explain your problem from 
the start, they might even have some better ideas.

When that RFC (correctly) recommends using a salt, it's talking 
about HKDF-Extract, which is a tool for taking a large amount of 
mostly-random data and turning it into an appropriate KDK.  
That's not the problem you have here.  The problem you have is 
generating keys for different purposes from a KDK.  That's a 
problem HKDF-Expand addresses, and it doesn't use a salt.

> Let me ask the question a different way. What is the reason NOT 
> to use 2 different salts for the MAC and KEY generation steps?

You might choose to not use extra salts for the same reason 
you've already chosen to not encrypt three times, or add extra 
HMACs for each individual block of ciphertext: it's not solving 
any problems.
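The Extract/Expand split discussed in this message, as an added example that is not part of the original post or of SecureD: HKDF as specified in RFC 5869, written with Python's standard `hmac` module, deriving an encryption key and a MAC key from one KDK by varying only the `info` label. The label strings, the SHA-256 choice and the function names are assumptions made for illustration.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 bytes for SHA-256


def hkdf_extract(salt, ikm):
    """HKDF-Extract: condense mostly-random input into a fixed-size KDK.
    This is the only HKDF step that takes a salt."""
    if not salt:
        salt = bytes(HASH_LEN)  # RFC 5869 default: HashLen zero bytes
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(kdk, info, length):
    """HKDF-Expand: derive `length` bytes bound to `info`. No salt input."""
    if len(kdk) < HASH_LEN:
        raise ValueError("KDK must be at least one hash output long")
    if length > 255 * HASH_LEN:
        raise ValueError("requested output too long")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        # T(n) = HMAC(KDK, T(n-1) || info || n)
        block = hmac.new(kdk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_enc_and_mac_keys(kdk):
    """Purpose separation comes from distinct info labels, not extra salts.
    Labels are hypothetical; any two distinct fixed strings work."""
    enc_key = hkdf_expand(kdk, b"example/encryption-key", 32)
    mac_key = hkdf_expand(kdk, b"example/mac-key", 32)
    return enc_key, mac_key


if __name__ == "__main__":
    # Constructed sample input; a real KDK comes from a CSPRNG or from
    # HKDF-Extract over real key-exchange output.
    kdk = hkdf_extract(b"", bytes(range(64)))
    enc_key, mac_key = derive_enc_and_mac_keys(kdk)
    print("enc:", enc_key.hex())
    print("mac:", mac_key.hex())
```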


More information about the Digitalmars-d mailing list