Same output of KDF for Alice and Bob?
Alice and Bob use the same password which will be used in a KDF like PBKDF2_HMAC or Argon2id to generate a AES-key. The problem is that Argon2id generates a different output for the same password, resulting in the AES-key being different for Alice and Bob.
Pseudo-code:
password = "abc123"
# For Alice
salt = randomsalt()
key = KDF(password, salt)
#Output: b089b4def6c3e443838a34c4c679c0fb81b708c613850c40910f4809fab5b679
aesKey = AES.new(key)
#AES for Alice: 2b7e151628aed2a6abf7158809cf4f3c
# For Bob
salt = randomsalt()
key = KDF(password, salt)
#Output: f1e7117fe494c4a01094b652ccccc9d38006fb8439a4144b6d9356348baddbef
aesKey = AES.new(key)
#AES for Bob: 3ad77bb40d7a3660a89ecaf32466ef97
Because the random salt for Alice and Bob is different, the KDF will generate a different output even for the same password. Because the derived key is different, they will have different AES keys and can't communicate with each other?
The context is a chat application which Alice and Bob can initiate by both entering the same password when they join the chat. Not entering the same password means they can not read each other's messages.
Currently I have solved this by generating the derived key server-side and send it to the connected clients. But is there a way to generated the derived key client-side?
