Thanks for the quick reply.

On Sat, Jan 11, 2025, 7:03 AM Alex Gaynor <alex.gay...@gmail.com> wrote:
> Scrypt salts can safely be stored with derived hashes in plaintext.
>
> Alex
>
> On Sat, Jan 11, 2025 at 10:02 AM Sriram R <sramac...@gmail.com> wrote:
> >
> > Last question, does the salt data need to be encrypted when storing or
> > is it not sensitive information?
> >
> >
> > On Sat, Jan 11, 2025, 6:22 AM Alex Gaynor <alex.gay...@gmail.com> wrote:
> >>
> >> In general, using the output of a KDF as the key for symmetric
> >> encryption is fine.
> >>
> >> Alex
> >>
> >> On Fri, Jan 10, 2025 at 5:01 PM Sriram R via Cryptography-dev
> >> <cryptography-dev@python.org> wrote:
> >> >
> >> > Hello,
> >> >
> >> > I'm generating a key using Scrypt from a password supplied by the
> >> > user. I then use this key as follows. This works but my question to
> >> > the experts: is this an acceptable way to use the AESGCMSIV cipher?
> >> > Am I doing something that's fundamentally against best practices?
> >> > In the examples on the Cryptography site, the sample code snippet
> >> > uses AESGCMSIV.generate_key() method to generate the key instead.
> >> > The requirement I have is to generate the key that's based on a
> >> > password.
> >> >
> >> > def gen_salt(size=32):
> >> >     return secrets.token_bytes(size)
> >> >
> >> > def der_key(salt, password):
> >> >     kdf = Scrypt(salt=salt, length=32, n=2**20, r=8, p=1)
> >> >     return kdf.derive(password.encode())
> >> >
> >> > def gen_symmkey(salt, password):
> >> >     symmkey = der_key(salt, password)
> >> >     return symmkey
> >> >
> >> > key = gen_symmkey(salt, password)
> >> > aesgcmsiv = AESGCMSIV(key)
> >> >
> >> > ct = aesgcmsiv.encrypt(nonce, file_data, aad)
> >> > with open(fname, "wb") as outfile:
> >> >     outfile.write(ct)
> >> >
> >> > Best,
> >> > PE
> >> >
> >> > _______________________________________________
> >> > Cryptography-dev mailing list
> >> > Cryptography-dev@python.org
> >> > https://mail.python.org/mailman/listinfo/cryptography-dev
> >>
> >>
> >>
> >> --
> >> All that is necessary for evil to succeed is for good people to do
> >> nothing.
>
>
>
> --
> All that is necessary for evil to succeed is for good people to do nothing.
>