Generally you'd use a key generation algorithm to produce a key of the desired length. This could be a random array of bytes (use a crypto random number generator) or in your case where you want the users producing the password you would use a password generated key.
It's then up to you what specific rules you place around the strength of the password (hint - force the use of strong passwords :))
The password generated key you'd produce with whatever tools you're using - .NET, Java etc... a little searching will find you libraries to do this.
An alternative is to use a hash of the password as the key - here make sure you use a hashing algorithm that provides the appropriate length byte array - SHA256 would be a good bet here.
Obviously the strength of the password is still an issue, but the lengths don't have to be exact :)
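Added example, not part of the original post: deriving a fixed-length key from a password with PBKDF2-HMAC-SHA256 (one form of the "password generated key" mentioned above), next to the plain SHA-256 alternative. The function names, salt size, iteration count and sample password are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import unicodedata

# Assumed parameters for illustration; tune the iteration count to your hardware.
SALT_LEN = 16
ITERATIONS = 600_000
KEY_LENGTHS = {"AES-128": 16, "AES-192": 24, "AES-256": 32}


def _encode(password):
    # Normalize so the same password typed on different platforms yields the same bytes.
    return unicodedata.normalize("NFKC", password).encode("utf-8")


def derive_key(password, cipher="AES-256", salt=None, iterations=ITERATIONS):
    """Password-generated key: PBKDF2-HMAC-SHA256 with a per-user random salt.

    Returns (key, salt, iterations). Salt and iterations are not secret and
    must be stored next to the ciphertext so the key can be re-derived.
    """
    if not password:
        raise ValueError("empty password")
    if salt is None:
        salt = os.urandom(SALT_LEN)  # crypto-grade random bytes
    key = hashlib.pbkdf2_hmac("sha256", _encode(password), salt, iterations,
                              dklen=KEY_LENGTHS[cipher])
    return key, salt, iterations


def sha256_key(password):
    """Plain-hash alternative: always 32 bytes whatever the password length,
    but unsalted and fast, so identical passwords always give identical keys."""
    return hashlib.sha256(_encode(password)).digest()


def same_key(a, b):
    # Constant-time comparison for key material.
    return hmac.compare_digest(a, b)


if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    k1, salt1, n = derive_key(pw)
    k2, _, _ = derive_key(pw)  # second user, same password, fresh salt
    again, _, _ = derive_key(pw, salt=salt1, iterations=n)
    print(len(k1), same_key(k1, k2), same_key(k1, again))
    print(len(sha256_key(pw)), same_key(sha256_key(pw), sha256_key(pw)))
```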