Hello guys,
I'm trying to expand a password that will probably have less than 128 bits (16 characters) to exactly 128 bits in order to use it as a key for mysql AES encryption. I can't ask the users to input minimul 16 characters. It would suck. So I need to expand the password somehow. I don't think repeating it would be a good ideea since I know this would bring some cryptographic vulnerabilities. What can I try?
The best ideea i think is to make a hash of the pasword since this is securely expanded already then select 128 bits, but i'm not so sure it's so good. I wanted to consult with you first.
I would apreciate your opinion. Thanks!
securely expand a password to 128 bits
Moderator: General Moderators
-
TheProgrammer
- Forum Newbie
- Posts: 22
- Joined: Mon Nov 27, 2006 12:25 am
- feyd
- Neighborhood Spidermoddy
- Posts: 31559
- Joined: Mon Mar 29, 2004 3:24 pm
- Location: Bothell, Washington, USA
Padding it can certainly work (one-time), MD5 could potentially work too as could other hashing algorithms that generate even longer hash results (chopped in some fashion I suspect.)
I would definitely have a minimum password length required. The shorter it is the stronger the entropy they must have in it be... although it's definitely best to give an overall strength rating.
I would definitely have a minimum password length required. The shorter it is the stronger the entropy they must have in it be... although it's definitely best to give an overall strength rating.