AES key value

I use the AES algorithm in my application to encrypt plain text. I am trying to use a key that is a six-digit number. But according to the AES specification, the key must be at least sixteen bytes long. I plan to add leading zeros to my six-digit number to make it 16 bytes long, and then use this as a key.

Are there any safety implications? I mean, this will make my ciphertext more susceptible to attacks.

Please, help.

+3
1 answer

You must use a key derivation function; in particular, PBKDF2 is the most modern for obtaining an AES key from a password or PIN code.

In particular, PBKDF2 makes it difficult to perform a key search because it:

  • randomizes the key, which makes precomputed word dictionaries useless

  • increases the computational cost of testing each candidate, increasing the total time required to search for a key.

As an additional note, I would say that 6 digits correspond to approximately 16 bits of password entropy, which, of course, are too few. Increase the password length.

+4
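The following is an added example, not part of the original answer: it contrasts the zero-padded key from the question with a key derived by PBKDF2-HMAC-SHA256 using a random salt, and estimates the cost of trying every six-digit PIN. The function names, the sample PIN and the iteration count are assumptions chosen for illustration.

```python
import hashlib
import os
import time

KEY_LEN = 16          # AES-128 key size in bytes
ITERATIONS = 200_000  # assumed work factor; tune to your hardware
PIN_SPACE = 10 ** 6   # number of possible six-digit PINs


def padded_key(pin: str) -> bytes:
    """The approach from the question: add leading zeros up to 16 bytes."""
    return pin.encode("ascii").rjust(KEY_LEN, b"0")


def derive_key(pin: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Stretch the PIN into an AES-128 key with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode("ascii"), salt,
                               iterations, dklen=KEY_LEN)


def new_salt() -> bytes:
    """Random per-key salt; not secret, stored next to the ciphertext."""
    return os.urandom(16)


def exhaustive_search_seconds(iterations: int = ITERATIONS) -> float:
    """Estimate single-core time to test every PIN against one salt."""
    salt = new_salt()
    start = time.perf_counter()
    derive_key("000000", salt, iterations)
    return (time.perf_counter() - start) * PIN_SPACE


if __name__ == "__main__":
    pin = "482913"  # constructed sample PIN
    print("padded :", padded_key(pin))        # same key for everyone with this PIN
    s1, s2 = new_salt(), new_salt()
    print("salt 1 :", derive_key(pin, s1).hex())
    print("salt 2 :", derive_key(pin, s2).hex())  # differs: salt randomizes the key
    hours = exhaustive_search_seconds() / 3600
    print(f"all {PIN_SPACE} PINs, one core: about {hours:.1f} hours")
```

The estimate scales linearly with the iteration count and with the number of possible inputs, so a longer password raises the search cost far more than any practical work factor does.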

Source: https://habr.com/ru/post/1781962/

