Score:1

Can the salt be derived based on the other components of encrypted data?


I'm using python.cryptography's Fernet with PBKDF2 passphrase hashing to encrypt a piece of data (the value) that is stored, encrypted, in a database. The hashed passphrase is not stored in the database, and for that reason neither is the salt. Instead, the salt comes from a password vault in the application's runtime environment, and is then modified to make it unique per value.

One question I have about this is: if an attacker has the passphrase and encrypted data for one value, is it possible for them to reverse-engineer the salt (which would help them to brute force the remaining data)? What if they also have a copy of the unencrypted version of the data for that one value?

(The attack vector being considered here is one where the attacker has a regular user account on the system, and has obtained a copy of the database with the encrypted values. Thus they're able to create a single value (theirs) where they know the passphrase and the resulting encrypted value. They also have access to a copy of the application's code, since it's open source.)

Per request, here's how the salt is handled:

  1. The salt is generated by an administrator (we recommend a 32-byte random value).
  2. The salt gets stored in the password vault (network service).
  3. When the application is deployed, the salt gets injected at runtime.
  4. When new values are saved, the secret salt is combined with a unique value ID to form the per-value salt
  5. This salt is then used with the user-supplied passphrase to generate a key using PBKDF2 (with 500K iterations).
  6. The user's values are then each encrypted with their individual keys

I believe the above is known as the "salt & pepper" pattern.
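The derivation in steps 4 and 5, and the only check a holder of one passphrase and one token has against a guessed secret salt, as an added example that is not part of the original post or the application's code. Assumptions: the secret salt and value ID are combined by concatenation, PBKDF2 uses HMAC-SHA256, and the sample token is constructed with placeholder bytes where Fernet would put AES-CBC ciphertext.

```python
import base64, hashlib, hmac, os, struct, time

ITERATIONS = 500_000  # iteration count stated in the question

def per_value_salt(secret_salt: bytes, value_id: str) -> bytes:
    # Assumption: plain concatenation; the question does not say how they are combined.
    return secret_salt + value_id.encode()

def derive_fernet_key(passphrase: str, secret_salt: bytes, value_id: str,
                      iterations: int = ITERATIONS) -> bytes:
    """PBKDF2 over the passphrase with the per-value salt, encoded as a Fernet key."""
    raw = hashlib.pbkdf2_hmac("sha256", passphrase.encode(),
                              per_value_salt(secret_salt, value_id), iterations, dklen=32)
    return base64.urlsafe_b64encode(raw)

def constructed_token(key: bytes, body: bytes = bytes(16)) -> bytes:
    """Constructed sample with Fernet's layout: 0x80, timestamp, IV, body, HMAC.
    `body` is a placeholder for the AES-CBC ciphertext; only the MAC matters here."""
    raw = base64.urlsafe_b64decode(key)
    signed = b"\x80" + struct.pack(">Q", int(time.time())) + os.urandom(16) + body
    mac = hmac.new(raw[:16], signed, hashlib.sha256).digest()  # signing key = first 16 bytes
    return base64.urlsafe_b64encode(signed + mac)

def key_matches_token(key: bytes, token: bytes) -> bool:
    """Recompute the token's HMAC-SHA256 with the candidate key's signing half."""
    raw, data = base64.urlsafe_b64decode(key), base64.urlsafe_b64decode(token)
    expected = hmac.new(raw[:16], data[:-32], hashlib.sha256).digest()
    return hmac.compare_digest(expected, data[-32:])

def guess_is_consistent(candidate_salt: bytes, passphrase: str, value_id: str,
                        token: bytes, iterations: int = ITERATIONS) -> bool:
    """Testing one guessed secret salt costs a full PBKDF2 run plus a MAC check."""
    key = derive_fernet_key(passphrase, candidate_salt, value_id, iterations)
    return key_matches_token(key, token)

if __name__ == "__main__":
    secret = os.urandom(32)                      # constructed stand-in for the vault value
    pw, vid = "my own passphrase", "value-1001"  # constructed sample inputs
    token = constructed_token(derive_fernet_key(pw, secret, vid))
    print("correct secret salt:", guess_is_consistent(secret, pw, vid, token))
    print("random 32-byte guess:", guess_is_consistent(os.urandom(32), pw, vid, token))
    same_pw_other_value = derive_fernet_key(pw, secret, "value-1002")
    print("key reused across values:", key_matches_token(same_pw_other_value, token))
```

The token's MAC already confirms or rejects a candidate key, so nothing in the token reveals the secret salt directly; each guess has to go through PBKDF2, and the cost of the search is set by the entropy of the administrator-generated value.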

kelalaka
If the attacker has the passphrase can't they use it to access the salt? This seems rather an information security question...
FuzzyChef
@kelalaka that's what my question is, if the attacker has the passphrase, can they use it to figure out the salt?
kelalaka
No I'm asking that the interface doesn't allow them to use the system as usual when the attackers got the passphrase? What else does a user need to access their data other than the login name information?
FuzzyChef
We're assuming here that what the attacker is attempting to obtain is other people's passphrases (and thus their data). They don't already have it.
FuzzyChef
The salt is not part of the data.
kr flag
@FuzzyChef: You are using the wrong wording. Salt is a **publicly known** addition to the password to prevent its precomputation. If you consider some data as secret, it is a **password**. That means what you refer to as *salt* is not a salt, but a second password. Thus you have a scheme with two passwords. Please rewrite your question using the words *"1st password"* and *"2nd password"*.
kelalaka
The first rule: salt is not assumed to be secret! We don't set up security on the secrecy of the salt, rather we force/teach the users to select good passwords to use. Could you elaborate on how the salt is created, modified and recreated/accessed? What if your vault crashes and all of your salt is gone forever? Do you have a plan to mitigate such a catastrophic risk?
Swashbuckler
How was the salt initially created before putting it into some vault?
FuzzyChef
@kelalaka if the salt is lost, it's acceptable that access to the data is lost. The data is only relevant for a short time, regardless (around 1 month), so it's considered more acceptable to lose it than to risk compromising it.
FuzzyChef
But ... are you saying that there's no security advantage in keeping the salt secret? Because if so, I don't really need the answer to the above question.