Is salting values an essential good practice with Rijndael or AES encryption?

Question

I've implemented an encryption function using the Rijndael/AES encryption provider in .NET. My "understanding" of the algorithm suggests that as long as the Key and IV aren't compromised then the data is safe. However I've read on some sites where salting passwords is the best practice. The confusion for me comes in where there seems to be a though that salting is only necessary with hash function based encryption. What is the best practice when using Rijndael or AES, and what value should be salted(clear text, Key, IV)?

Answer 1

If you encrypt different datasets with the same key and same IV, the same clear text always results in the same encrypted text. If several users have the same password, they will also have the same encrypted password and it will be obvious from the encrypted data that their passwords are the same.

If you add salt to the clear text before every encryption, the same password will result in different encrypted strings, because (usually) there are different salts used in each case.

So if you use the same key and IV for all the password encryptions the scenario is the same as when using a hash functions and using salt has the same advantages. If you use different keys or IVs for each encryption, the same passwords result in different encrypted text and you don't have these problems. In this case salting doesn't improve anything.

Answer 2

The IV is the salt. It is perfectly safe to prepend the IV to the ciphertext when sending the ciphertext across the network or saving the ciphertext to disk. Make sure that the IV is generated by a cryptographically strong pseudo-random number generator for each message.

In strong cryptography, the only secret is the key. The IV is not a secret and neither is the ciphertext.

However, if you are using the same IV with the same key for multiple encryptions (a "session IV"), then you must protect the IV just as you would protect the key.