Generating a salt for key derivation

[robert-cronin]

Should we be generating a salt for our key derivation in Crypto?

We could do it by generating some random bytes:
const salt = crypto.randomBytes(128).toString('base64')
I am not sure how one would store this though, we should also consider having multiple salts as well and storing the number of attempts. Or do we leave it up to the user to provide the salts?

[robert-cronin]

Here are some recommendations from NIST for GCM and GMAC. It is recommended to restrict the IV to a length of 96 bits (12 bytes) to support interoperability and some other factors.

Here is a good example of file encryption with AES-GCM and salt based key derivation in nodejs: https://gist.github.com/AndiDittrich/4629e7db04819244e843. I think this is a good example to follow. We are also missing the auth tag and cipher.final() from our implementation which are essential to adhering to the AES-GCM standard.

[robert-cronin]

this was solved in #23

[CMCDragonkai]

Just remember that the details for how we did the AES GCM should be documented so it can be more easily verified.

[robert-cronin]

I have put some notes into the README along this line