Is there any problem using empty salts with PBDKF for this purpose?

Question

The aim is to generate a secure key for symmetric encryption.

I have a master password, from which I want to generate the key for symmetric encryption, in order to encrypt other passwords. The idea is to use PBDKF2 for the generation of that key.

This master password is pretty difficult to deduce, since I only store its sha256 hash. But the user provides it every time he logs in.

With the described scenario, I would say that I have a secure key for symmetric encryption, since it is not stored anywhere, and it can't be deduced with the information that it is stored.

So, my doubt is, is salting useful here? I cannot see it. I think that an empty salt would be ok.

Or maybe the scenario I'm considering has just any sense...

Answer 1

First, don't store the SHA256 of your master password! See this answer for how to store the hash of the master password.

Onto your question...

Salt is used to prevent the attacker precomputing the hashes for many/all possible inputs. In the specific case of storing the hash of the master password, a sufficiently large and random salt will prevent an attack from using a single table that maps all inputs to their hashes. For such a precomputation task to work, the attacker would need to create a unique table for each unique salt. This becomes computationally unfeasible. So, if you've salted and used an appropriate hashing algorithm (see answer referenced earlier), even if an attacker steals your password database, they can't reverse the hashes back to their passwords.

In your case, the key is the output of the PBKDF2 algorithm and will not be stored in a database. So there is no way that an attacker can steal the hash to reverse it to get the master password. So salting the PBKDF2 algorithm to generate the key seems unnecessary. But, as per the answer linked to earlier, you must salt the hashed version that you will store in your database.