Crypto
AES 256Bit using a key less than 256Bit Apr 04 2008 06:01PM
Stefan Schulze Frielinghaus (stefan seekline net) (3 replies)
Re: AES 256Bit using a key less than 256Bit Apr 08 2008 07:11AM
Brad Hards (bradh frogmouth net)
Re: AES 256Bit using a key less than 256Bit Apr 07 2008 03:01PM
Michael Simpson (mikie simpson gmail com)
On 4/4/08, Stefan Schulze Frielinghaus <stefan (at) seekline (dot) net [email concealed]> wrote:
> Hello,
>
> often you find products which implement AES 256Bit encryption e.g. in
> hard drive encryption, file encryption or whatever. The user specifies a
> password/passphrase which is used for encryption.
>
> My actual question is what does the standard say to passwords which are
> not exactly 256 Bit long? Often user passwords are 8 characters long
> (which means an effective key size of 64 Bit). Or someone could have a
> key file which is 300 Bit long. But AES with 256 Bit support would only
> use 256 Bit of the 300 Bit. Or it has to calculate a 256 Bit key of the
> 64 Bit material specified from the user.
>
> How to calculate a key of size 256 Bit which is standard compliant. Is
> there even a library outside which does this for me (e.g. OpenSSL uses
> MD5 digests sometimes)?
>
> I just want to develop an application where a user can specify a
> password to encrypt something in AES 256 Bit. But the encryption library
> I use forces me to specify a key with the exact 256 Bit. So I have to
> calculate a key which is standard compliant.
>
> Does someone have an idea, hint?
>
> Best regards
> Stefan
>

Hi there

lots of kloo to be found here

<http://www.schneier.com/index.html>

His Applied Cryptography book is pretty much the de facto textbook for
this stuff.
Please remember that whilst AES is thought to be secure at this time
it can be easily broken by a poor implementation of it.

Some systems will use the passphrase as part of the initial data used
to generate a key, some will not.

I would suggest developing the application using a framework which
already has a known good implementation of AES for security rather
than rolling your own.

hth

mike
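
Added example, not part of the original thread or any poster's code: AES itself takes a key of exactly 128, 192 or 256 bits and does not define how to turn a password into one, so a password-based key derivation function such as PBKDF2 (PKCS #5, RFC 2898) is one common way to get a 256-bit key from input of any length. The function names, salt size and iteration count below are assumptions chosen for the illustration.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple, Union

KEY_LEN = 32           # AES-256 takes exactly 32 bytes (256 bits)
SALT_LEN = 16          # assumed salt size for this example
ITERATIONS = 600_000   # assumed work factor; tune to your hardware


def derive_key(secret: Union[str, bytes], salt: Optional[bytes] = None,
               iterations: int = ITERATIONS) -> Tuple[bytes, bytes]:
    """Map a password or key file of any length to a 32-byte key.

    Returns (key, salt). The salt and iteration count are not secret and
    must be stored with the ciphertext so the key can be re-derived.
    """
    if isinstance(secret, str):
        secret = secret.encode("utf-8")
    if not secret:
        raise ValueError("empty secret")
    if salt is None:
        salt = os.urandom(SALT_LEN)   # fresh random salt per encrypted object
    elif len(salt) != SALT_LEN:
        raise ValueError("salt must be %d bytes" % SALT_LEN)
    # Stretching adds no entropy: an 8-character password stays an
    # 8-character password. It only makes each guess cost `iterations` HMACs.
    key = hashlib.pbkdf2_hmac("sha256", secret, salt, iterations, dklen=KEY_LEN)
    return key, salt


def key_matches(secret: Union[str, bytes], salt: bytes, expected: bytes,
                iterations: int = ITERATIONS) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    key, _ = derive_key(secret, salt, iterations)
    return hmac.compare_digest(key, expected)


if __name__ == "__main__":
    # Constructed sample inputs: a short password and a 38-byte "key file".
    for sample in ("hunter22", os.urandom(38)):
        key, salt = derive_key(sample)
        print(len(sample), "input units ->", len(key) * 8, "bit key, salt", salt.hex())
```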

Re: AES 256Bit using a key less than 256Bit Apr 07 2008 12:31PM
Alexander Klimov (alserkli inbox ru)







 

Copyright 2008, SecurityFocus