CRYPTO NEWS

Encrypt-then-MAC: full random keys or keys derived from master key?

I have this scenario where I use Encrypt-then-MAC (AES256-CBC and HMAC-SHA256) with keys generated by a CSPRNG (specifically, SecureRandom in Java). I’d like to know which is better:

  • Use the CSPRNG to generate two distinct keys of 32 byte each

or

  • Use the CSPRNG to generate a master key of 32 byte and then use HKDF to derive the encryption and authentication key

I’d like to add that no human interaction is involved: this keys are stored inside a DB and are only used by machines.

Thank you very much!

Encrypt-then-MAC: full random keys or keys derived from master key?

Shopping cart
There are no products in the cart!
Continue shopping
0