Academic Integrity: tutoring, explanations, and feedback — we don’t complete graded work or submit on a student’s behalf.

I have this scenario where I use Encrypt-then-MAC (AES256-CBC and HMAC-SHA256) w

ID: 652826 • Letter: I

Question

I have this scenario where I use Encrypt-then-MAC (AES256-CBC and HMAC-SHA256) with keys generated by a CSPRNG (specifically, SecureRandom in Java). I'd like to know which is better:

+ Use the CSPRNG to generate two distinct keys of 32 byte each

or

+ Use the CSPRNG to generate a master key of 32 byte and then use HKDF to derive the encryption and authentication key

I'd like to add that no human interaction is involved: this keys are stored inside a DB and are only used by machines.

Thank you very much!

Explanation / Answer

If you are concerned about database size, only the master key needs to be stored when you use HKDF. Ditto when sending it to another computer. Otherwise, two independent random keys are clearly secure and simpler to implement, so you should do that.

Related Questions

I have this program, However it needs to follow the insructions listed above, bu
Question #3872602
I have this program, how can I put a counter to count the number of comparisons
Question #3799936
I have this program, which currently has 2 functions (not including main): #incl
Question #3546823
I have this program, which currently has 2 functions (not including main): #incl
Question #3556366
I have this program. Works fine in this condition. It sorts a given ARRAY OF INT
Question #3641279
I have this program: // Square.java // // Define a Square class with methods to
Question #3659592
I have this programming assignment for my C++ class, and am completely lost when
Question #3702382
I have this project I am working on which I have the base and derived classes st
Question #3570616

Navigate

Previous
I have this running C++ program.However, i must convert it to mostly classes and
Next
I have this school project of mine that involves an app and a website that use t