conduition on Nostr: With scrypt and similar password-based key derivation functions, the salt is like a ...
With scrypt and similar password-based key derivation functions, the salt is like a namespace which ensures an attacker has to start from scratch if they're trying to guess a key derived from a unique salt.
If a salt is reused for two different ciphertexts, then any guesses an attacker makes can be applied to both ciphertexts.
So it's not as bad as nonce or IV reuse, but still best practice is to create a unique random salt for every ciphertext.
If a salt is reused for two different ciphertexts, then any guesses an attacker makes can be applied to both ciphertexts.
So it's not as bad as nonce or IV reuse, but still best practice is to create a unique random salt for every ciphertext.