All Questions
Tagged with symmetric key-derivation
32
questions
2
votes
0
answers
119
views
Why KeePassXC is deriving (stretching) the key again before saving changes to the database?
KeePassXC supports Argon2, which is great for security. However, there's a quirk that's been bothering me. Every time I save modifications to the database, it seems to stretch (derive) the key again, ...
1
vote
0
answers
59
views
Linux Kernel CryptoAPI key exchange and key derivation
I have a custom network and I want to implement a symmetric key exchange and key derivation mechanism with ECDH.
I know that I need to use KPP API and ECDH helper functions, but I can't find any code ...
2
votes
1
answer
361
views
Deriving secret keys vs generating and encrypting them
Suppose one has a password manager, based on symmetric cryptography, that requires a master passphrase to be unlocked. Argon2 is used for deriving a secret key from the master passphrase.
I need ...
2
votes
1
answer
138
views
Can raw hash be used as secret key
I am trying to use argon2 hash to derive secret key to be used for AES-GCM , in package argon2-cffi in python there is a function argon2.low_level.hash_secret_raw(secret: bytes, salt: bytes, time_cost:...
0
votes
1
answer
94
views
Is a static IV really less secure than an IV generated from a master key?
As an example, let's take a simple situation where AES-256-CBC with IV + MAC is used to encrypt a given plainText and offer authentication.
...
0
votes
1
answer
29
views
When would we need a bigger IV than 2 bytes when the IV is derived of a master key?
As an example, let's take a simple situation where AES-256-CBC with IV + MAC is used to encrypt a given plainText to offer both authentication and prevent identical cipherTexts.
...
4
votes
1
answer
865
views
Can a digital signature be used to generate a key for AES encryption?
I am looking to see if using a digital signature is a secure and reasonable way to generate a key for AES encryption.
To flow would be as follows:
A user signs a message ...
3
votes
2
answers
286
views
Don't human generated passwords used with key derivation functions reduce the security of symmetric encryption?
The key size for AES is chosen as 256 because that's considered the minimum keysize which can protect against a brute force attack - i.e. $2^{256}$ tries.
However, in practice, for a lot of ...
3
votes
1
answer
374
views
Is PRF XORed with its key still a PRF? (always)
$\forall k \in \{0,1\}^n,m \in \mathbb{M},F_k(m)$ is defined as follows: $F_k(m) = F'_k(m) \oplus k$. It is known that $F'_k$ is a PRF. Note: 𝕄 is the message space and it's assumed that the key $k$ ...
2
votes
1
answer
336
views
How to estimate the maximum computational cost bound for Key Derivation Functions (KDFs) before it becomes useless security-wise?
From my understanding of Key Derivation Functions (KDFs), e.g. scrypt, Argon2, etc, we can tune their parameters such that it eventually becomes harder for an attacker to brute force a password-to-key ...
1
vote
1
answer
3k
views
How to choose parameters for Argon2 for a password vault
I'm creating a password vault, and I plan to use Argon2id to derive the master key from the master password. For encryption, I plan to use XChaCha20 with Poly1305.
To be clear: a set of multiple ...
0
votes
0
answers
118
views
Any gotchas when deriving a symmetric key from two seeds?
Consider a connection protocol where, after jumping through several other hoops, Alice and Bob know each others' public keys; and they now want to do a RSA-handshake-kind-of-thing to come up with a ...
1
vote
1
answer
179
views
how are variable key sizes produced?
I am current learning the internal working of several Symmetric key Cryptographic algorithms, and came across DES and AES.
DES takes in input a 64 bit key and AES-128 takes in input a 128 bit key
...
2
votes
0
answers
173
views
Sharing salt for deterministic symmetric key derivation
I have a requirement to generate and share unique symmetric keys for a large numbers of small data objects.
In many cases the storage and retrieval of the key for each object will be a significant ...
2
votes
0
answers
603
views
The right way to encrypt sensitive data with an user password
I am developing something like 1Password and I want to be sure that method that I use is secure. Main idea of the app is storing user passwords, and is protected with a global master password. Main ...