1

The aim is to generate a secure key for symmetric encryption.

I have a master password, from which I want to generate the key for symmetric encryption, in order to encrypt other passwords. The idea is to use PBDKF2 for the generation of that key.

This master password is pretty difficult to deduce, since I only store its sha256 hash. But the user provides it every time he logs in.

With the described scenario, I would say that I have a secure key for symmetric encryption, since it is not stored anywhere, and it can't be deduced with the information that it is stored.

So, my doubt is, is salting useful here? I cannot see it. I think that an empty salt would be ok.

Or maybe the scenario I'm considering has just any sense...

Julen
  • 311
  • 3
  • 6
  • How many keys do you need - one or many? If just the one, then any salt ought to do, if many - wouldn't the salt mitigate the use of symmetric key re-use? – Konrads Aug 25 '15 at 08:27

1 Answers1

3

First, don't store the SHA256 of your master password! See this answer for how to store the hash of the master password.

Onto your question...

Salt is used to prevent the attacker precomputing the hashes for many/all possible inputs. In the specific case of storing the hash of the master password, a sufficiently large and random salt will prevent an attack from using a single table that maps all inputs to their hashes. For such a precomputation task to work, the attacker would need to create a unique table for each unique salt. This becomes computationally unfeasible. So, if you've salted and used an appropriate hashing algorithm (see answer referenced earlier), even if an attacker steals your password database, they can't reverse the hashes back to their passwords.

In your case, the key is the output of the PBKDF2 algorithm and will not be stored in a database. So there is no way that an attacker can steal the hash to reverse it to get the master password. So salting the PBKDF2 algorithm to generate the key seems unnecessary. But, as per the answer linked to earlier, you must salt the hashed version that you will store in your database.

Neil Smithline
  • 14,702
  • 4
  • 38
  • 55
  • Yes, using KDFs to store passwords is something I must do. Despite that, the passwords are salted with quite long and random salts, so they remain a little more secure :) . Thanks for your time. – Julen Aug 25 '15 at 01:10