SoftwareFactor

Reputation: 8588

Breaking Rfc2898DeriveBytes key with input password but without salt

I am using the C# RijndaelManaged class for AES encryption. The key and IV are generated from an input password and salt using the Rfc2898DeriveBytes class. My question is, how difficult would it be to break the encryption if someone obtained the input password but not the salt?

Upvotes: 0

Views: 1102

Answers (1)

Maarten Bodewes

Reputation: 93978

It would be close to impossible to retrieve the key and IV. Actually, sometimes a static, secret salt stored in source code is used in addition to the public random salt. In that way an attacker is required to get the source or runtime code in addition to the database with the salts and password hashes.

This kind of scheme does require a large enough (secret) salt, say 128 bytes. It would be best to use concatenation to create the combined public and secret salt.

Of course, it is always possible to mess up the encryption otherwise, e.g. by being vulnerable to padding oracle attacks, forgetting an authentication tag (HMAC) in addition to encryption, etc. etc. etc.

Upvotes: 0
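
The combined-salt derivation described in the answer above, shown as an added example that is not part of the original post or the answerer's code. It assumes .NET 6 or later; the iteration count, the SHA-256 choice, the 16-byte public salt and the sample password are assumptions, and the secret salt is generated at startup only to keep the demo self-contained.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;

static class CombinedSaltKdf
{
    // Assumption: in a real deployment the secret salt is a fixed value kept in
    // code or configuration, away from the database that stores the public salts.
    static readonly byte[] SecretSalt = RandomNumberGenerator.GetBytes(128);

    const int Iterations = 100_000; // assumed work factor, not taken from the page

    // Concatenate public and secret salt, then derive a 32-byte key and 16-byte IV.
    static (byte[] Key, byte[] Iv) Derive(string password, byte[] publicSalt, byte[] secretSalt)
    {
        byte[] combined = publicSalt.Concat(secretSalt).ToArray();
        byte[] okm = Rfc2898DeriveBytes.Pbkdf2(
            password, combined, Iterations, HashAlgorithmName.SHA256, 48);
        return (okm[..32], okm[32..]);
    }

    static void Main()
    {
        const string password = "correct horse battery staple"; // constructed sample
        byte[] publicSalt = RandomNumberGenerator.GetBytes(16);  // stored beside the ciphertext

        // Legitimate derivation: password + public salt + secret salt.
        var real = Derive(password, publicSalt, SecretSalt);

        // Same password and public salt, but the secret salt is unknown and
        // replaced with a guess (all zero bytes here).
        var guess = Derive(password, publicSalt, new byte[SecretSalt.Length]);

        Console.WriteLine($"key (real secret salt):    {Convert.ToHexString(real.Key)}");
        Console.WriteLine($"key (guessed secret salt): {Convert.ToHexString(guess.Key)}");
        Console.WriteLine($"keys match: {real.Key.SequenceEqual(guess.Key)}");
        Console.WriteLine($"IVs match:  {real.Iv.SequenceEqual(guess.Iv)}");
    }
}
```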
