Sign in
Microsoft.com
 
Microsoft
 
 
 

locked
Related to salt encryption(Salt rotation) RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    I am encrypting a string based on the salt key.

    iam thinking to rotate the salt key,if i rotate the salt key then the strings which are encrypted using old salt key should be decrypted after salt key rotation.

    Want to understand is that possible, if not what are the other options i have?

    Wednesday, August 12, 2020 6:45 PM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi MMKR.MMKR,

    Thank you for posting here.

    Why do you want to rotate the salt?

    We generally use a new salt per password: 

    Why do I need to use the Rfc2898DeriveBytes class (in .NET) instead of directly using the password as a key or IV?

    We can use RijndaelManaged Class to encrypt a string like:

    Encrypt and decrypt a string in C#?

    Best Regards,

    Xingyu Zhao

    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Thursday, August 13, 2020 3:07 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    In Azure Key vault, we will be storing the salt key. Below is the flow

    • We will be calling Azure key vault with the client id and client secret to get the salt key
    • Once we receive the saltkey, we will be encrypting the string using salt key.
    • We send the encrypted string to vendor.
    • we share the Azure key vault  client id and secret to vendor.
    • Vendor is going to call the azure key vault to get the salt key
    • Vendor using salt key they will decrypt the string.


    My question is can we rotate saltkey periodically? if so, can we decrypt the existing string which is done by using old salt key? Assume that salt key is compromised?

    if not what are the other ways we can look into it based on the above flow i mentioned.

    Thursday, August 13, 2020 7:22 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi MMKR.MMKR,

    Thanks for your feedback.

    Since your question is related to Azure Key vault, you can ask your question in new Azure Key Vault forum for more efficient responses.

    Thank you for your understanding.

    Best Regards,

    Xingyu Zhao

    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Friday, August 14, 2020 1:32 AM