How would I implement key Strengthening (NOT Key Stretching) -- Forgetting the Random Salt

Question

0.00/5 (No votes)

See more:

Hi does somebody have some demo code preferably in C# or secondly in Delphi/Pascal on how I could implement Key Strengthening and not Key Stretching like it is explained on Wikipedia.

My Idea was using a random or cryptographic random function to generate x amount of bytes(SALT).
However would I not have to process/hash the SALT and leave some hint as to what the correct answer is. Because how will I brute force the correct random bytes/SALT if I do not leave a clue to what the correct answer is ?

And how do I make the clue in such a way that I the original creator of the random bytes/SALT have an advantage over lets say a competing party which is also trying to brute force the random bytes/SALT.

Also how do I determine the size of x amount of bytes must they always be fixed ? Seeing that the larger the amount of bytes the longer it will take to brute force recreate them.

This is a hypothetical idea I am sitting with not a requirement for any encryption.

Any replies will be welcome.

Posted 3-Jun-14 1:22am

UweOeder

Add a Solution

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

E.F. Nijboer · Answer 1 · 2014-06-03T02:09:00

Solution 1

It wouldn't strengthen it.

The reason for the random salt is to prevent creating a rainbow table. If you use a derived salt you would weaken the encryption.

For example, it would render the result of GetSalt("Foo") to be "Bar". But it would always be "Bar"! There is nothing random about it. So there is always just a single salt making it very easy to use rainbow tables again because of the 1 on 1 relation between them.

Good luck!

Posted 3-Jun-14 2:09am

E.F. Nijboer

Comments

UweOeder 9-Jun-14 5:31am

I see what you are saying. However I want to truly generate a random salt not derived by the key in anyway. I was thinking more in the lines of random generating a salt. Hashing the salt and encrypting the hash and throwing away the original salt ofter use. In that way anybody attempting to determine the salt would first have to figure out the what is the correct hash before they can determine what is the correct random salt.

UweOeder · Answer 2 · 2014-06-09T00:21:00

I think I will attempt to solve this in the following way.
Step.1 Get KEY form user.
Step.2 Generate random SALT.
Step.3 Use KEY and SALT for whatever cryptographic purpose.
Step.4 Hash SALT. (Any SHA-3 hash should suffice.)
Step.5 Encrypt Hash with KEY.
Step.6 Permanently delete HASH.

This however forces the user to store the encrypted HASH of the SALT with the newly encrypted text.
I can see no problem with this as the following applies. The SALT is truly random and derived via any method. The HASH of the SALT is encrypted so that any possible attacker would first have to derive the correct HASH without he cannot derive the randomly generated SALT. This will however force the user also to start brute forcing the random SALT as hashing is a one way function.

To the best of my knowledge I think this will work.