Question

I am encrypting files for storage in an untrusted location, using a custom Java program to...

I am encrypting files for storage in an untrusted location, using a custom Java program to do that. There is only one user, but there are many files. I am using AES in CBC mode with PKCS5 padding, and the key is created from a single passphrase using PBKDF2.

Question: Would it increase security if I used a different salt for encrypting each file, or would that only make sense if I also used a different passphrase for each file?

0 0
Add a comment Improve this question Transcribed image text
Answer #1

In a scenario such as yours, where there is only one password/passphrase, but it is used as key material for the encryption of multiple CBC encrypted files, you will (as you noted yourself) obviously not make it any harder for an attacker to compute your password, should you use a salt.

However, using a salt would mean that the encryption of each file is independently keyed, which might increase resistance against collisions in the CBC chaining state, should you use the same password for encrypting a very large number of very large files. Since you are using AES-CBC and AES has a 128 bit block size, you would have to encrypt billions of GB sized files to get close to a 0.5 probability there would be just one such collision (in two 128 bit blocks somewhere), but depending on your security requirements, even such a small risk might be unacceptable. An alternative to using salts, would in such case be to use a cipher with a 256 bit block size instead of AES.

A third alternative would be to use random keys for each file, and only encrypt that file specific key using the key you derived from your password. If you put those encrypted keys together in a separate index file, you will get two additional benefits:

  1. Changing the passphrase will become much cheaper, in particular if you have a large number of files or very large files. Changing the passphrase might, or might not, be something that improves your security. Obviously, if an adversary at some point in time gets hold of all of your files and is able to compute the passphrase you were using at that point in time, you gain nothing by later changing the passphrase. The file specific keys (for the files that existed at that point in time) will already be compromised.
  2. However, using random file specific keys, will make it possible for you to put together index files for other users, containing only the keys of the files those users are supposed to get access to.
Add a comment
Know the answer?
Add Answer to:
I am encrypting files for storage in an untrusted location, using a custom Java program to...
Your Answer:

Post as a guest

Your Name:

What's your source?

Earn Coins

Coins can be redeemed for fabulous gifts.

Not the answer you're looking for? Ask your own homework help question. Our experts will answer your question WITHIN MINUTES for Free.
Similar Homework Help Questions
  • Consider a system where a data files (F_i, and i denotes the file ID) is distributed...

    Consider a system where a data files (F_i, and i denotes the file ID) is distributed over a cloud. A data file is generated by an author (AU_k, and k, denotes the author ID) and stored on a distribution server (DS). Only authorized users (US_1, and denotes the user ID) previously registered on the system using their private keys (KPR_1) are allowed to download the data. Users' public certificates (KPU_1) and revocation lists (CRL) are available on a trusted Certificate...

  • I want to store encrypted files on some storage backend that allows me to fetch bytes...

    I want to store encrypted files on some storage backend that allows me to fetch bytes X through Y of the encrypted file. I can obviously decrypt the entire file locally and send it back to the client. However, if the file is very large it would be nice to be able to arbitrarily decrypt that byte range on the fly. If possible, I'd like to be able to decrypt the parts by different servers at the same time (so...

  • Hello. I am using a Java program, which is console-baed. Here is my question. Thank you....

    Hello. I am using a Java program, which is console-baed. Here is my question. Thank you. 1-1 Write a Java program, using appropriate methods and parameter passing, that obtains from the user the following items: a person’s age, the person’s gender (male or female), the person’s email address, and the person’s annual salary. The program should continue obtaining these details for as many people as the user wishes. As the data is obtained from the user validate the age to...

  • I am creating something similar to a Content Management System, that can be downloaded and used...

    I am creating something similar to a Content Management System, that can be downloaded and used by everyone that needs it. I've been working in web-development for a couple of years (mainly as a hobby, i.e. creating personal homepages for acquaintances), but have never had the need of a user to enter his own configurations (let it be database connection, meta-data about his site, desired behaviour of the website). Therefore I have no experience with custom configuration file handling. That's...

  • need help with this assignment, please. Part 1 - Java program named MemoryCalculator In your Ubuntu...

    need help with this assignment, please. Part 1 - Java program named MemoryCalculator In your Ubuntu VM (virtual machine), using terminal mode ONLY, do the following: Create the folder program2 In this folder place the text file located on my faculty website in Module 2 called RAMerrors (Do not rename this file, it has no extension.) It is down below. Ths is the file RAMErrors 3CDAEFFAD ABCDEFABC 7A0EDF301 1A00D0000 Each record in this file represents the location of an error...

  • I need help parsing a large text file in order to create a map using Java....

    I need help parsing a large text file in order to create a map using Java. I have a text file named weather_report.txt which is filled with hundreds of different indexes. For example: one line is "POMONA SUNNY 49 29 46 NE3 30.46F". There are a few hundred more indexes like that line with different values in the text file and they are not delimited by commas but instead by spaces. Therefore, in this list of indexes we only care...

  • Using Java how would I write a program that reads and writes from binary or text...

    Using Java how would I write a program that reads and writes from binary or text files and gives me an output similar to this? Example Output: --------------------Configuration: <Default>-------------------- Enter the file name: kenb Choose binary or text file(b/t): b Choose read or write(r/w): w Enter a line of information to write to the file: lasdklj Would you like to enter another line? Y/N only n Continue? (y/n)y Enter the file name: kenb Choose binary or text file(b/t): b Choose...

  • I need help debugging this C++ prgram. What Am i doing wrong? //******************************************************** // This program...

    I need help debugging this C++ prgram. What Am i doing wrong? //******************************************************** // This program reads two input files whose lines are //ordered by a key data field. This program should merge //these two files, writing an output file that contains //all lines from both files ordered by the same key field. // //********************************************************* #include <iostream> #include<string> #include<fstream> //prototype void mergeTwoFiles (ifstream&,ifstream&, ofstream&); using namespace std; int main() {string inFile1,inFile2,outFile; // input and output files ifstream in1; ifstream in2;...

  • I am creating a program that will allow users to sign in with a username and...

    I am creating a program that will allow users to sign in with a username and password. Their information is saved in a text file. The information in the text file is saved as such: Username Password I have created a method that will take the text file and convert into an array list. Once the username and password is found, it will be removed from the arraylist and will give the user an opportunity to sign in with a...

ADVERTISEMENT
Free Homework Help App
Download From Google Play
Scan Your Homework
to Get Instant Free Answers
Need Online Homework Help?
Ask a Question
Get Answers For Free
Most questions answered within 3 hours.
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT