I have implemented PBE in addition to DES, 3DES and AES encryption Technique. I am in need of some advantages of PBE over the other three. When I searched on Internet, I am only finding disadvantages. Help me to figure out some advantages of using PBE?
Asked
Active
Viewed 2,080 times
1 Answers
7
If I understand the terminology you are using, PBE means password or pass-phrase based encryption.
According to the sources that I have seen, PBE is a "way of using" some encryption algorithm. Instead of generating a random key, you take a user-supplied password or pass-phrase and transform that into a key of the form that the encryption system requires (using a "key derivation function"). Here are some references:
- How does password-based encryption technically work?
- Java 256-bit AES Password-Based Encryption
- Password based encryption.
- Encrypt/decrypt with DES using a pass phrase.
In other words, if you compare PBE and DES or AES, you are comparing apples and oranges.
So what you are really talking about here is comparing PBE against using a random key. The advantage of PBE:
- A password or pass-phrase is more memorable than a random key. (Indeed, a random key is typically so non-memorable that normal humans need to put them into a "key ring" or something ... that is then secured using a password or pass-phrase!)
The disadvantages include:
- A password or pass-phrase is potentially guessable.
- An unsalted password or pass-phrase is potentially vulnerable to attack using "rainbow tables".
