Can I Use The AES I.V. Or Nonce As A Password Salt?
I'm trying to make a Python program which will take the file and key and then it will encrypt the file. I already know that the AES-GCM and AES-CFB mode uses a nonce and IV, respectively. And I currently store the IV/nonce in the encrypted file itself. I'm pondering over the idea if I can use the IV/nonce of the AES-CFB/AES-GCM as my password hashing salt?
Earlier I hashed the key provided, but when I came to know about Rainbow-tables, I thought of using a more sophisticated way. The approach I came to know about was PBKDF2.
if filepath.endswith(EXT): method = 'decrypt' flag = False with open(filepath, 'rb+') as f: f.seek(-NONCE_SIZE,2) iv = f.read() os.truncate(filepath, os.path.getsize(filepath) - NONCE_SIZE) # If the file doesn't end with the required extension, # then identify the method as `encrypt` and do the same # with the key provided. else: method = 'encrypt' flag = True iv = Random.new().read(NONCE_SIZE) # Make a cipher object with the nonce and key and write # to the file with the arguments. # Previous approach as commented-out code line below # key = hashlib.sha3_256(key.encode()).digest() key = PBKDF2(key, iv, dkLen=32) crp = getattr(AES.new(key, AES.MODE_GCM, nonce=iv), method)
I expect that the IV/nonce used as a password hashing salt provides the security required.
That is what the IV and the nonce are there for already. Using them twice might have catastrophic effects on the encryption. A nonce is by definition a number that is used only once.
- → What are the pluses/minuses of different ways to configure GPIOs on the Beaglebone Black?
- → Django, code inside <script> tag doesn't work in a template
- → React - Django webpack config with dynamic 'output'
- → GAE Python app - Does URL matter for SEO?
- → Put a Rendered Django Template in Json along with some other items
- → session disappears when request is sent from fetch
- → Python Shopify API output formatted datetime string in django template
- → Shopify app: adding a new shipping address via webhook
- → Shopify + Python library: how to create new shipping address
- → shopify python api: how do add new assets to published theme?
- → Access 'HTTP_X_SHOPIFY_SHOP_API_CALL_LIMIT' with Python Shopify Module