I'm deriving the session keys using Keccak/SHA3 by absorbing three(3) things: (1) the salt, (2) the common secret and (3) bits from a common key file. Normally, all three are concatenated and then padded, and the whole thing is absorbed. Would it still be secure if I pad each one? So, I would go from: Absorb (Pad (salt + secret + keyfile)) to: Absorb (Pad (salt) + Pad (secret) + Pad (keyfile)) Aside from actually being simpler in code, this would more precisely differentiate the combinations of the secret and the key file. E.g., if the secret is "abc" and the key file is "def", the Keccak state would be different in the case where the secret is "ab" and the key file is "cdef". Whereas in the usual concatenation of everything, those two cases would be the same. submitted by /u/sciencekm [link] [comments]