
Referring to this thread: using different IV and SALT with AES-CBC but same KEY

I am in a similar situation to the one exposed, namely that I need to use AES to encrypt data; however, I cannot implement PBKDF2 correctly by having a unique key for each encryption, because I cannot wait for the derivation time in terms of my application's performance.

So I came across this very interesting discussion, but I'm not sure I apply it correctly to my case.

Important point: in my case, I can use AES-GCM.

Do I understand the following correctly, and which of these options is the right one?

Option A:

  1. From a 16-character "strong" random passphrase composed of uppercase, lowercase, numeric and special characters, I derive a PBKDF2 key with a unique salt and 600k iterations. This will be my master key.

  2. Then, for each cryptographic operation (encrypt and decrypt), I derive an HKDF key from the master key, using a unique random salt this time.

  3. I then use AES-GCM with this new key, generating the unique nonce and tag and adding the HKDF salt. So the complete cipher will be composed of: Nonce (12B) | Ciphertext (*B) | Tag (16B) | HkdfSalt (32B). As a result, I use a unique key per encryption, and one with sufficiently high entropy because it was initially derived from PBKDF2.

Option B: Same as A, but with no need to derive a new HKDF key each time with a different salt. A single fixed HKDF key, even without a salt, would be sufficient.

Option C: Is all this overkill, and would simply using the fixed PBKDF2 master key be sufficient in the case of GCM?

Marc Alves