search

MatrixAI / js-encryptedfs

Encrypted Filesystem for TypeScript/JavaScript Applications
https://polykey.com
Apache License 2.0
10 stars 3 forks source link

Generating a salt for key derivation #22

Closed robert-cronin closed 4 years ago

robert-cronin commented 4 years ago

Should we be generating a salt for our key derivation in Crypto?

We could do it by generating some random bytes: const salt = crypto.randomBytes(128).toString('base64') I am not sure how one would store this though, we should also consider having multiple salts as well and storing the number of attempts. Or do we leave it up to the user to provide the salts?

robert-cronin commented 4 years ago

Here are some recommendations from NIST for GCM and GMAC. It is recommended to restrict the IV to a length of 96 bits (12 bytes) to support interoperability and some other factors.

Here is a good example of file encryption with AES-GCM and salt based key derivation in nodejs: https://gist.github.com/AndiDittrich/4629e7db04819244e843. I think this is a good example to follow. We are also missing the auth tag and cipher.final() from our implementation which are essential to adhering to the AES-GCM standard.

robert-cronin commented 4 years ago

this was solved in #23

CMCDragonkai commented 4 years ago

Just remember that the details for how we did the AES GCM should be documented so it can be more easily verified.

robert-cronin commented 4 years ago

I have put some notes into the README along this line