>Hello,
>
>often you find products which implement AES 256Bit encryption e.g. in
>hard drive encryption, file encryption or whatever. The user specifies a
>password/passphrase which is used for encryption.
>
>My actual question is what does the standard say about passwords which are
>not exactly 256 Bit long? Often user passwords are 8 characters long
>(which means an effective key size of 64 Bit). Or someone could have a
>key file which is 300 Bit long. But AES with 256 Bit support would only
>use 256 Bit of the 300 Bit. Or it has to calculate a 256 Bit key of the
>64 Bit material specified from the user.
>
>How to calculate a key of size 256 Bit which is standard compliant. Is
>there even a library outside which does this for me (e.g. OpenSSL uses
>MD5 digests sometimes)?
>
>I just want to develop an application where a user can specify a
>password to encrypt something in AES 256 Bit. But the encryption library
>I use forces me to specify a key with the exact 256 Bit. So I have to
>calculate a key which is standard compliant.
>
>Does someone have an idea, hint?
>
>Best regards
>Stefan
Dear Stefan,
Well, I have a hint to search for. Not more than that.
You are looking for a way to generate an encryption key from a
password. They often use a hash function for that. The input of such
a function is a password and a pseudo random number called a salt or
initialisation vector.
This gives some key words to search for. One link I found surfing
the web: http://www.codeproject.com/KB/cs/DerivingKeys.aspx
Don't forget: the weakness of your system is the strength of the
password and the storage of password and salt.
Best regards
Jan
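
Added example (not part of the thread or of any poster's code): one standardized way to do what the reply describes is PBKDF2 from PKCS #5 / RFC 8018, which turns a secret of any length plus a random salt into exactly 256 bits. The iteration counts, the header layout and the function names are assumptions made for this illustration.

```python
import hashlib
import os
import struct

KEY_LEN = 32              # 256 bits, the exact size an AES-256 API expects
SALT_LEN = 16             # random, not secret, stored next to the ciphertext
ITERATIONS = 600_000      # assumed work factor for new data; tune to your hardware
MIN_ITERATIONS = 100_000  # assumed floor accepted when reading a stored header
HEADER = struct.Struct(">I16s")  # hypothetical layout: iteration count, salt


def derive_key(secret, salt, iterations):
    """PBKDF2-HMAC-SHA256: any-length secret + salt -> exactly KEY_LEN bytes."""
    if len(salt) != SALT_LEN:
        raise ValueError("unexpected salt length")
    return hashlib.pbkdf2_hmac("sha256", secret, salt, iterations, dklen=KEY_LEN)


def new_header(iterations=ITERATIONS):
    """Create the per-file parameters: a fresh random salt and the work factor."""
    return HEADER.pack(iterations, os.urandom(SALT_LEN))


def key_from_header(secret, header):
    """Re-derive the key at encrypt or decrypt time from the stored header."""
    iterations, salt = HEADER.unpack(header)
    # The header is unauthenticated, so refuse a work factor that was lowered.
    if iterations < MIN_ITERATIONS:
        raise ValueError("iteration count below accepted minimum")
    return derive_key(secret, salt, iterations)


if __name__ == "__main__":
    header = new_header()
    short_password = b"8charpwd"      # constructed: 8 characters, as in the question
    long_keyfile = bytes(range(38))   # constructed: 38 bytes, roughly a 300-bit key file
    for secret in (short_password, long_keyfile):
        key = key_from_header(secret, header)
        print(len(secret) * 8, "bits in ->", len(key) * 8, "bits out:", key.hex())
```

The salt and the iteration count stop precomputed tables and slow down guessing, but they add no entropy: the derived key is only as hard to guess as the password itself.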