Page 1 of 1

securely expand a password to 128 bits

Posted: Wed Dec 06, 2006 9:27 am
by TheProgrammer
Hello guys,
I'm trying to expand a password that will probably have less than 128 bits (16 characters) to exactly 128 bits in order to use it as a key for mysql AES encryption. I can't ask the users to input minimul 16 characters. It would suck. So I need to expand the password somehow. I don't think repeating it would be a good ideea since I know this would bring some cryptographic vulnerabilities. What can I try?
The best ideea i think is to make a hash of the pasword since this is securely expanded already then select 128 bits, but i'm not so sure it's so good. I wanted to consult with you first.
I would apreciate your opinion. Thanks!

Posted: Wed Dec 06, 2006 9:28 am
by Jenk
pad it?

Posted: Wed Dec 06, 2006 11:30 am
by feyd
Padding it can certainly work (one-time), MD5 could potentially work too as could other hashing algorithms that generate even longer hash results (chopped in some fashion I suspect.)

I would definitely have a minimum password length required. The shorter it is the stronger the entropy they must have in it be... although it's definitely best to give an overall strength rating.