#askNostr for the few cryptographers out there. If I'm using scrypt to derive a key from a password, is it safe to reuse the salt on multiple files I'm encrypting? Or should it be treated like the nonce, where it should be different for each file encrypted?

Sorry if this does not make any sense, I'm still trying to learn about all the cryptography stuff.

Discussion

if you first bundle them into a tar, then only one salt, but yes, new salt for every one, as the RNG seeds off the salt, and if you don't use a different salt for each encryption the very same sequence of scramble bits is used each time

also, it is exactly the same as the nonce, I've always hated that ambiguity. salt=nonce

you can use different encryption schemes, CBC, CTR, etc., but they all use a cleartext nonce in front, and in the olden days they called that a "salt" - it's like an HD derivation path, same principle, ensures the hash you generate is different, no matter which way it's sliced by the encryption algo

nonces are called nonces because you should only use n "once".

Often you'll get rekt if you do (i.e. your private key can be calculated).

With scrypt and similar password-based key derivation functions, the salt is like a namespace which ensures an attacker has to start from scratch if they're trying to guess a key derived from a unique salt.

If a salt is reused for two different ciphertexts, then any guesses an attacker makes can be applied to both ciphertexts.

So it's not as bad as nonce or IV reuse, but still best practice is to create a unique random salt for every ciphertext.
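To make the "namespace" point above concrete, here is an added example (not from any poster in this thread) that simulates an offline password-guessing run against two files and counts how many scrypt evaluations the attacker has to pay for. It uses Python's `hashlib.scrypt`; the scrypt cost parameters, the wordlist, the password and the key-check value that stands in for a real ciphertext are all constructed for the demo. With a shared salt, each candidate password is derived once and checked against every file; with a unique salt per file, the expensive derivation has to be repeated per file.

```python
import hashlib
import os
from typing import Optional

# Deliberately small scrypt cost so the demo finishes quickly.
# Real deployments use a much higher n (2**15 or above). Constructed values.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 10, 8, 1
KEY_LEN = 32


def derive_key(password: bytes, salt: bytes) -> bytes:
    """Password -> 256-bit key via scrypt (Python's hashlib binding)."""
    return hashlib.scrypt(password, salt=salt, n=SCRYPT_N, r=SCRYPT_R,
                          p=SCRYPT_P, dklen=KEY_LEN)


def make_file(password: bytes, salt: Optional[bytes] = None) -> dict:
    """Model an encrypted file header: the cleartext salt plus a key-check value.

    The key-check value (SHA-256 of the derived key) stands in for the
    ciphertext an attacker would try to decrypt with each guessed key.
    """
    if salt is None:
        salt = os.urandom(16)          # unique random salt per file
    key = derive_key(password, salt)
    return {"salt": salt, "key_check": hashlib.sha256(key).digest()}


def guess_passwords(files: list, wordlist: list) -> tuple:
    """Simulate an offline guessing attack and count scrypt evaluations.

    One scrypt call per (candidate, distinct salt): a shared salt lets one
    derivation be checked against every file, unique salts force a fresh
    derivation for each file. Returns (recovered, scrypt_calls).
    """
    recovered = {}
    scrypt_calls = 0
    for candidate in wordlist:
        cache = {}                     # derived keys for this candidate, by salt
        for idx, f in enumerate(files):
            if idx in recovered:
                continue
            salt = f["salt"]
            if salt not in cache:
                cache[salt] = derive_key(candidate, salt)
                scrypt_calls += 1
            if hashlib.sha256(cache[salt]).digest() == f["key_check"]:
                recovered[idx] = candidate
        if len(recovered) == len(files):
            break
    return recovered, scrypt_calls


def compare_salting_strategies(password: bytes, wordlist: list, n_files: int = 2) -> dict:
    """Cost of guessing the same password for n files, shared vs unique salt."""
    shared = os.urandom(16)
    shared_files = [make_file(password, shared) for _ in range(n_files)]
    unique_files = [make_file(password) for _ in range(n_files)]
    _, calls_shared = guess_passwords(shared_files, wordlist)
    _, calls_unique = guess_passwords(unique_files, wordlist)
    return {"shared_salt_calls": calls_shared, "unique_salt_calls": calls_unique}


if __name__ == "__main__":
    # Constructed wordlist; the real password sits at the end so every
    # candidate has to be evaluated.
    words = [b"password", b"letmein", b"hunter2", b"correct horse battery staple"]
    print(compare_salting_strategies(words[-1], words))
```

Note that a shared salt also means two files encrypted under the same password end up with the identical key, which is exactly the situation where the cipher's own nonce then has to carry the whole burden of keeping the two ciphertexts distinct.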