## Changing Salt Size in Simple Crypt 3.0.0

From: andrew cooke <andrew@...>

Date: Tue, 4 Feb 2014 22:06:59 -0300

Recently, I've been reading various crypto books.  For some reason, today, I
was reading about CTR mode and how the offset must NEVER repeat.  That
prompted me to revise how it is handled in simple-crypt.

At first glance, simple-crypt doesn't follow best practice, because the offset
is random instead of being a counter, or something based on machine ID plus
time, or similar.  This was a conscious choice - I couldn't see any reliable
alternative that didn't require more care from the user, and simple-crypt is
meant to be simple.

This is not a problem because the restriction on unique offsets is per-key.
Simple-crypt uses a PBKDF to generate a key from the password PLUS a salt.  So
the salt changes the key and repeated offsets are no longer a danger.

And that's fine, as far as I understand things, but the salt is "only" 128
bits in length, which implies birthday collisions in ~64 bits.  And when I
looked again at the right answers - I saw that Colin Percival recommends 256
bits.

The 128 bit approach isn't terrible, but 256 certainly has a wider safety
margin.  More importantly, I say in the simple-crypt docs that I follow CP's
guidelines.  So the code had to change.

Thankfully the encrypted data contains a header with a version field.  So the
new code uses a new version, detects the old value, and automatically handles
both.

But backwards compatibility can only go so far.  Older versions (before 3)
cannot handle the new size / version.  Instead they will raise an exception
saying that the library version must be updated.

Obviously it would have been best to get this right from the start - I am
sorry for not doing so, and for any problems that might arise.  At the same
time, I am relatively pleased with how well the change works out - the latest
code will work with all formats and old code will fail in as useful a way as
possible.

https://github.com/andrewcooke/simple-crypt
https://pypi.python.org/pypi/simple-crypt

Andrew
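
The version-field handling described above, sketched as an added example (this is not simple-crypt's code): a reader takes the salt size from a version byte in the header, so 128-bit and 256-bit messages both parse, and a reader that predates a version fails with an explicit "update the library" error. The magic bytes, version numbers, header layout and function names are assumptions made for illustration, and `body` stands in for the ciphertext.

```python
import hashlib
import os

MAGIC = b"ex"                      # constructed magic, not simple-crypt's
SALT_BITS = {1: 128, 2: 256}       # hypothetical version -> salt size in bits
LATEST = 2


class UnsupportedVersion(Exception):
    """Raised when the header names a format this reader does not know."""


def make_header(version):
    return MAGIC + bytes([version])


def split_message(data, known=SALT_BITS):
    """Return (version, salt, body), sizing the salt from the version byte."""
    if len(data) < 3 or data[:2] != MAGIC:
        raise ValueError("not a recognised message")
    version = data[2]
    if version not in known:
        raise UnsupportedVersion(
            f"format version {version} is not supported; update the library")
    salt_len = known[version] // 8
    if len(data) < 3 + salt_len:
        raise ValueError("message truncated before end of salt")
    return version, data[3:3 + salt_len], data[3 + salt_len:]


def derive_key(password, salt, rounds=10_000):
    """Password plus salt gives a per-message key (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)


def wrap(body, version=LATEST):
    """Prefix body with header and a fresh random salt of the versioned size."""
    salt = os.urandom(SALT_BITS[version] // 8)
    return make_header(version) + salt + body


if __name__ == "__main__":
    old, new = wrap(b"payload", 1), wrap(b"payload", 2)
    for msg in (old, new):
        v, salt, body = split_message(msg)
        print(v, len(salt) * 8, derive_key("pw", salt).hex()[:16], body)
    try:
        split_message(new, known={1: 128})   # a reader that predates version 2
    except UnsupportedVersion as exc:
        print("old reader:", exc)
```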