2005-05-11 11:42:26 UTC
accepted cryptographic procedure in terms of security?
1. Can we re-use this key more than once for ciphering data without
the risk of extraction/deduction of the password by comparing the
various resulting ciphered data sets?
2. Should we add some random element (salt) to the password and derive
a new key again every time we cipher data? This way it would be harder
(impossible?) to deduce the password from the set of ciphered data.
Of course, when using a cryptographic hardware module, option 2 might
be more time consuming (one has to derive the key every time before
ciphering data) which is why it might be important to forget about the
random salt part and just use the same key again and again.
Any help will be appreciated. (Answers can be sent to my mail address