Function InitSalt

Generates random salt.

 

Unit

EEncrypt

 

Syntax

 

Code (Delphi)

function InitSalt: TSalt;

 

Return value

Random salt.

 

You do not need to free, release, or dispose of this value: it does not contain any allocated memory. However, it is strongly recommended to call the SecureFree function once you have finished working with the salt, to erase it with zeros.

 

Each call returns a different value.

 

Remarks

This function generates a new random salt for the TEADeriveKey and TwofishDeriveKey functions.

 

Important!

Do not use RTL's Random function to create a random salt manually. The RTL implementation is a simple pseudo-random generator, and it does not generate cryptographically strong random data.
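The warning above, shown as an added example (not part of the EurekaLog documentation): a salt filled from RTL's Random is reproduced exactly by reusing the seed, and two InitSalt results are compared the same way. FillFromRtlRandom and the seed 12345 are hypothetical; the program assumes TSalt is a plain value type, as this page describes, and that SecureFree is reachable from the units listed.

```delphi
program SaltFromRtlRandomDemo; // added example, not EurekaLog's own code
{$APPTYPE CONSOLE}
uses
  SysUtils,
  EEncrypt; // unit named on this page; SecureFree is assumed reachable from it

// The mistake the warning describes: a salt filled from RTL Random.
// Every byte is derived from the 32-bit RandSeed state, so the same
// seed always reproduces the same "salt".
procedure FillFromRtlRandom(var Buf; Size, Seed: Integer); // hypothetical helper
var
  P: PByte;
  I: Integer;
begin
  RandSeed := Seed;
  P := @Buf;
  for I := 1 to Size do
  begin
    P^ := Byte(Random(256));
    Inc(P);
  end;
end;

var
  A, B: TSalt;
begin
  // Two "salts" built from the same seed (12345 is a constructed value)
  FillFromRtlRandom(A, SizeOf(A), 12345);
  FillFromRtlRandom(B, SizeOf(B), 12345);
  Writeln('RTL Random, same seed, salts equal: ',
    CompareMem(@A, @B, SizeOf(TSalt)));

  // Two salts from InitSalt, which this page documents as never the same
  A := InitSalt;
  B := InitSalt;
  Writeln('InitSalt called twice, salts equal: ',
    CompareMem(@A, @B, SizeOf(TSalt)));

  // Erase both salts once finished, as the page recommends
  SecureFree(A);
  SecureFree(B);
end.
```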

 

Note

In cryptography, a salt is random data that is used as an additional input to a one-way function that hashes a password. The primary function of salts is to defend against dictionary attacks on a list of password hashes and against precomputed rainbow table attacks.

 

Examples

 

Code (Delphi)

var
  Key: TTEAKey;
  Salt: TSalt;
  EncryptedText: RawByteString;
  S: String;
  SaltEncodedLen: Integer;
begin
  // Create new (random) salt
  Salt := InitSalt;

  // Create new key from password
  // Key will be different each time
  // Because salt is different
  Key := TEADeriveKey('password', @Salt);

  // Encrypt some text with the above key
  // (meaning "encrypt some text with the above password")
  EncryptedText := TEAEncrypt(Key, 'clear text');

  // Wipe key from memory - do this as soon as possible
  TEADestroyKey(Key); // - same as SecureFree(Key);

  // You must store salt with encrypted data
  EncryptedText :=
    RAWToString(@Salt, SizeOf(Salt)) +
    EncryptedText;

  // No longer needed, erase it
  SecureFree(Salt);

  // EncryptedText contains encrypted RAW bytes
  // Do not output EncryptedText to any place which expects human-readable text

  // Debug output
  // Encrypted text is RAW bytes, so we need to convert it to something readable
  // Encrypted value will always be different
  Edit1.Text := HexEncodeString(EncryptedText);

  // _____________________________________________

  // Read stored salt
  SaltEncodedLen := HexCalcEncodedSize(SizeOf(Salt));
  RAWFromString(Copy(EncryptedText, 1, SaltEncodedLen), @Salt);
  // Remove salt from EncryptedText
  EncryptedText := Copy(EncryptedText, SaltEncodedLen + 1, MaxInt);

  // Create key from password
  // Key will be the same as the one used for encryption above
  Key := TEADeriveKey('password', @Salt);

  // No longer needed, erase it
  SecureFree(Salt);

  // Decrypt text back
  S := TEADecrypt(Key, EncryptedText);

  // Wipe key from memory - do this as soon as possible
  TEADestroyKey(Key); // - same as SecureFree(Key);

  // Wipe also all data
  SecureFree(EncryptedText);

  // Now S = 'clear text'

  // Call SecureFree for all data once you have finished working with it
  SecureFree(S);
end;

 

Build date: 2023-09-11
Last edited: 2023-09-11


Permanent link to this article: https://www.eurekalog.com/help/eurekalog/topic_function_eencrypt_initsalt.php