It is a bad idea to directly use the bits from a password as an encryption
key because there is insufficient entropy relative to the available key
space (even with a so-called "strong" password). However, people still
need to use passwords so there are some ways to generate a key from a
password. Here's a little background on the subject:
Implementations of PKCS #5 are pretty popular for this. Here is the link
to the standard, and some examples in Java, C#, and OpenSSL (there are
many others, and take care when executing binaries that you download from
random websites):
For the curious, here's some interesting thoughts on PBKDF by a blogger:
http://apocryph.org/how_much_strength_does_pkcs_5_passwordbased_key_deri
vation_pbkdf2_add_a_key
Hope this helps,
Roman Hustad
--- Stefan Schulze Frielinghaus <stefan (at) seekline (dot) net [email concealed]> wrote:
> Hello,
>
> often you find products which implement AES 256Bit encryption e.g. in
> hard drive encryption, file encryption or whatever. The user specifies a
> password/passphrase which is used for encryption.
>
> My actual question is what does the standard say to passwords which are
> not exactly 256 Bit long? Often user passwords are 8 characters long
> (which means an effective key size of 64 Bit). Or someone could have a
> key file which is 300 Bit long. But AES with 256 Bit support would only
> use 256 Bit of the 300 Bit. Or it has to calculate a 256 Bit key of the
> 64 Bit material specified from the user.
>
> How to calculate a key of size 256 Bit which is standard compliant. Is
> there even a library outside which does this for me (e.g. OpenSSL uses
> MD5 digests sometimes)?
>
> I just want to develop an application where a user can specify a
> password to encrypt something in AES 256 Bit. But the encryption library
> I use forces me to specify a key with the exact 256 Bit. So I have to
> calculate a key which is standard compliant.
>
> Does someone has an idea, hint?
>
> Best regards
> Stefan
It is a bad idea to directly use the bits from a password as an encryption
key because there is insufficient entropy relative to the available key
space (even with a so-called "strong" password). However, people still
need to use passwords so there are some ways to generate a key from a
password. Here's a little background on the subject:
http://en.wikipedia.org/wiki/Key_derivation_function
http://en.wikipedia.org/wiki/Key_strengthening
Implementations of PKCS #5 are pretty popular for this. Here is the link
to the standard, and some examples in Java, C#, and OpenSSL (there are
many others, and take care when executing binaries that you download from
random websites):
http://www.rsa.com/rsalabs/node.asp?id=2127
http://java.sun.com/j2se/1.5.0/docs/guide/security/jce/JCERefGuide.html#
ManagingParameters
http://www.bouncycastle.org/docs/docs1.5/org/bouncycastle/crypto/PBEPara
metersGenerator.html
http://www.jensign.com/JavaScience/dotnet/DeriveKeyM/index.html
http://www.openssl.org/docs/crypto/EVP_BytesToKey.html
For the curious, here's some interesting thoughts on PBKDF by a blogger:
http://apocryph.org/how_much_strength_does_pkcs_5_passwordbased_key_deri
vation_pbkdf2_add_a_key
Hope this helps,
Roman Hustad
--- Stefan Schulze Frielinghaus <stefan (at) seekline (dot) net [email concealed]> wrote:
> Hello,
>
> often you find products which implement AES 256Bit encryption e.g. in
> hard drive encryption, file encryption or whatever. The user specifies a
> password/passphrase which is used for encryption.
>
> My actual question is what does the standard say to passwords which are
> not exactly 256 Bit long? Often user passwords are 8 characters long
> (which means an effective key size of 64 Bit). Or someone could have a
> key file which is 300 Bit long. But AES with 256 Bit support would only
> use 256 Bit of the 300 Bit. Or it has to calculate a 256 Bit key of the
> 64 Bit material specified from the user.
>
> How to calculate a key of size 256 Bit which is standard compliant. Is
> there even a library outside which does this for me (e.g. OpenSSL uses
> MD5 digests sometimes)?
>
> I just want to develop an application where a user can specify a
> password to encrypt something in AES 256 Bit. But the encryption library
> I use forces me to specify a key with the exact 256 Bit. So I have to
> calculate a key which is standard compliant.
>
> Does someone has an idea, hint?
>
> Best regards
> Stefan
[ reply ]