
I am setting up a Python program to encipher messages on the following basis:

- from my password, generate a 32-byte key from SHA256(password)

- generate a 16-byte IV from a PRNG

- measure the length of the plaintext and express it as 2 bytes (my plaintext will be shorter than 2^16 characters)

- pad the plaintext to be a multiple of 16 bytes

- make an instance of the encryptor = AES.new(key, CBC, IV)

- generate ciphertext = encryptor.encrypt(plaintext)

- make a string of the concatenation length of pt before padding || IV || ciphertext and send it to the recipient

- also send the recipient the tag from HMAC(key, concatenated string)

My question is whether for security I should use a different key for the AES encryption and for the HMAC tagging?

This seems to me unnecessary, in the sense that with a strong password the chance of finding the key by reverse engineering either the ciphertext or the tag is negligible. Or is it?

user2256790

1 Answer


I'd advise you to use a library with a higher level API, such as Keyczar.

That being said:

  • Don't generate the key using SHA-256. Use a password hash function such as bcrypt or scrypt.
  • Yes, you must use different keys. For example, you can use the password hash function to generate 64 bytes of key material, and use the first 32-byte half for encryption and the second half for authentication.
  • Make sure the IV comes from a good randomness source (e.g. /dev/urandom).
  • Make sure your padding is correct. Or simply use CTR which does not require padding.
Conrado
  • Thank you for these inputs. Could you very kindly explain why you recommend a higher level API and also why not use SHA-256 to generate the key? – user2256790 Apr 24 '14 at 14:42
  • With a higher level API it is easier to avoid mistakes, since it takes care of the low-level stuff. The reason for not using SHA-256 is in the link provided in the answer, but in short: it's too fast, which makes brute force attacks faster. Furthermore its output is limited to 256 bits and you may need more for generating both keys. – Conrado Apr 24 '14 at 15:05
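The key-separation advice from the answer, as an added example (not code from the asker or the answerer): scrypt stretches the password into 64 bytes, the halves become the AES key and the HMAC key, and the tag covers the whole `length || IV || ciphertext` string. The scrypt cost parameters, the salt size, and the random bytes standing in for AES-CBC output are assumptions for the demo; the actual AES call stays with whatever AES library the asker uses.

```python
import hashlib
import hmac
import os
import struct

# Assumed scrypt settings for this example (not from the post); raise n if affordable.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
SALT_LEN = 16
KEY_LEN = 32  # one AES-256 key plus one HMAC-SHA256 key


def derive_keys(password, salt):
    """Stretch the password with scrypt into 64 bytes, then split it:
    first half for encryption, second half for authentication."""
    material = hashlib.scrypt(password, salt=salt, n=SCRYPT_N, r=SCRYPT_R,
                              p=SCRYPT_P, maxmem=64 * 1024 * 1024,
                              dklen=2 * KEY_LEN)
    return material[:KEY_LEN], material[KEY_LEN:]


def frame(plaintext_len, iv, ciphertext):
    """Build the sender's 'length || IV || ciphertext' string (2-byte big-endian length)."""
    if not 0 <= plaintext_len < 2 ** 16:
        raise ValueError("plaintext length does not fit in 2 bytes")
    if len(iv) != 16 or len(ciphertext) % 16:
        raise ValueError("IV must be 16 bytes and ciphertext a multiple of 16")
    return struct.pack(">H", plaintext_len) + iv + ciphertext


def authenticate(mac_key, framed):
    """Encrypt-then-MAC: the tag covers length, IV and ciphertext together."""
    return hmac.new(mac_key, framed, hashlib.sha256).digest()


def verify(mac_key, framed, tag):
    """Constant-time tag check; run this before touching the ciphertext."""
    return hmac.compare_digest(authenticate(mac_key, framed), tag)


if __name__ == "__main__":
    # Constructed demo: the 32 random bytes stand in for real AES-CBC output.
    salt, iv = os.urandom(SALT_LEN), os.urandom(16)
    enc_key, mac_key = derive_keys(b"my password", salt)
    msg = frame(20, iv, os.urandom(32))
    tag = authenticate(mac_key, msg)
    tampered = msg[:-1] + bytes([msg[-1] ^ 1])  # flip one ciphertext bit
    print("valid:", verify(mac_key, msg, tag),
          "tampered:", verify(mac_key, tampered, tag))
```

The salt must travel with the message (it is not secret) so the recipient can derive the same two keys.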