I am trying to send a password from a client to the server. I just don’t know how to encrypt it.
I used a website (Instagram) as a guide here.
Here the password is encrypted with AES and the key is then encrypted with a Curve25519 public key and sent to the server together with the encrypted text.
I wonder why you only encrypt the key. I mean then you can already see how long the password has to be by using the AES encrypted password, or not?
So why not encrypt the AES key and the encrypted password with Curve25519?
The only problem is when you get the private key. Yes, just decrypt the text and you have the key to decrypt the AES directly. So the password is basically only encrypted with Curve25519. Is that enough?
Why does Instagram use Method 1? Reasons for performance?
Instagram always gives the same IV encrypted with the AES … is that bad if a new key is always generated?
I would appreciate a helpful answer 🙂
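An added example, not part of the original post and not Instagram's code: the hybrid scheme the question describes, sketched with Node's built-in `crypto` module, with optional padding to address the length question. It assumes AES-256-GCM and an ephemeral X25519 plus HKDF construction for wrapping the AES key (the post does not say how the key is encrypted); all function names and the `pw-wrap-demo` label are hypothetical.

```javascript
const crypto = require('node:crypto');

// Constant IV as in the post; safe only because each key below encrypts exactly one message.
const FIXED_IV = Buffer.alloc(12);

function gcmSeal(key, plaintext) {
  const c = crypto.createCipheriv('aes-256-gcm', key, FIXED_IV);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { ct, tag: c.getAuthTag() };
}

function gcmOpen(key, { ct, tag }) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, FIXED_IV);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]); // throws if ct or tag was modified
}

// Assumed wrapping construction: X25519 shared secret -> HKDF-SHA256 -> key-encryption key.
function wrappingKey(privateKey, publicKey, ephPub) {
  const shared = crypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(crypto.hkdfSync('sha256', shared, ephPub, 'pw-wrap-demo', 32));
}

function clientEncrypt(serverPublicKey, plaintext) {
  const aesKey = crypto.randomBytes(32);            // fresh AES key per message
  const eph = crypto.generateKeyPairSync('x25519'); // fresh Curve25519 key pair per message
  const ephPub = eph.publicKey.export({ type: 'spki', format: 'der' });
  const kek = wrappingKey(eph.privateKey, serverPublicKey, ephPub);
  return { ephPub, wrapped: gcmSeal(kek, aesKey), body: gcmSeal(aesKey, plaintext) };
}

function serverDecrypt(serverPrivateKey, msg) {
  const ephKey = crypto.createPublicKey({ key: msg.ephPub, type: 'spki', format: 'der' });
  const kek = wrappingKey(serverPrivateKey, ephKey, msg.ephPub);
  return gcmOpen(gcmOpen(kek, msg.wrapped), msg.body);
}

// Fixed-size padding so the ciphertext length no longer tracks the password length.
function padPassword(password, size = 128) {
  const raw = Buffer.from(password, 'utf8');
  if (raw.length >= size) throw new RangeError('password too long for padding block');
  const out = Buffer.alloc(size);
  out[0] = raw.length; // one length byte, so size must stay <= 256
  raw.copy(out, 1);
  return out;
}

function unpadPassword(padded) {
  return padded.subarray(1, 1 + padded[0]).toString('utf8');
}
```

Encrypting an unpadded password yields a `body.ct` exactly as long as the password, while two encryptions of the same password still differ because the AES key is fresh each time.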