If I have a database where I store users' sensitive information, and encrypt that information, do I need to do something like PBKDF2(password,salt,10^5) for the encryption key as well as the hash?
1 Answer
Whenever you have a human password and want to process it into some format that "leaves traces", then you need to do it with a function that is resilient to brute force (e.g. PBKDF2). You thus need to do that when you hash the password to obtain a password verification token that you store; you also need to do that when you are turning the password into a key for symmetric encryption.
To make things clearer: if you turn password P into key K and then use K to encrypt some data D and store the encrypted result E, then an attacker, observing E, could "try passwords" by turning a potential password P' into key K' and then trying to decrypt E with K' and see if it yields some sensible data D. This is the offline dictionary attack situation, very similar to basic password hashing.
Strictly speaking, turning some data into a key is called Key Derivation, and "PBKDF" really means "Password-Based Key Derivation Function".
- So...is that a "yes"? Because I understand that you need to use a key-derivation/slow-hashing function. My question is if I needed to salt the key.Property404– Property4042015-08-07 19:04:20 +00:00Commented Aug 7, 2015 at 19:04
- Slowness and salts are two important elements of password hashing (and its brother password-based key derivation). If you need one then you need the other, and vice versa.Thomas Pornin– Thomas Pornin2015-08-07 19:09:52 +00:00Commented Aug 7, 2015 at 19:09