Anthony Ferrara

> The web is full of stateles and procedural crypto libraries Well, that leaves me 2 thoughts: 1. It's full of them for a reason 2. Most of the ones...

Actually, you would still need them. Because you can't distinguish input that looks like an encrypted value, but wants to be encrypted (say they want to double encrypt for some...

I raised a few issues, most of which with suggestions, but a few with actual bugs or problems found. It's a start :-)

Well, as said in #5, that shouldn't be done anyway. And you don't need to MAC the IV/salt with the ciphertext anyway. If you derive the keys, using the code...

@defuse http://crypto.stackexchange.com/questions/5630/deriving-keys-for-symmetric-encryption-and-authentication (I asked the question, but check out the answers)...

I never claimed it was "strictly better". I do know that it is referenced in [Cryptography For Developers](http://www.amazon.com/Cryptography-Developers-Tom-St-Denis/dp/1597491047/), though using PKCS5 derivation (PBKDF2) instead: ``` key_material = PBKDF2(master_key, salt, 16,...

> Talking about the salt in specific though, I'm now thinking of another approach - why not just derive it from the masterKey (obviously with no salt on it's own):...

Well, that just talks about the encryption step, where as we're talking about the key derivation step which happens before you get to that step. You still need to supply...