13

I am learning encryption algorithms in Java and stumbled upon this algorithm:

  SecretKey key = SecretKeyFactory.getInstance(
                    "PBEWithMD5AndDES").generateSecret(keySpec);

I know it stands for Password Based Encryption with MD5 and DES algorithms. I know MD5 and DES are two separate encryption algorithms, but what exactly does PBEWithMD5AndDes mean as an algorithm?

There aren't many resources online that give a good explanation of this "algorithm".

I was hoping someone could give a simple and brief explanation of how this is different from a normal MD5 or normal DES algorithm.

Mark Rotteveel
Daredevil

3 Answers

12

Extending the previous answer

what exactly does PBEWithMD5AndDes mean as an algorithm?

PBE uses an encryption key generated from a password, a random salt and a number of iterations; see the KeySpec parameters.

    KeySpec pbeSpec = new PBEKeySpec(password.toCharArray(), psswdSalt, PBKDF_INTERATIONS, SYMMETRIC_KEY_LENGTH);

The idea is: passwords tend to be short and not random enough, so they are easy to guess. Using a number of iterations should make the guessing somewhat harder.

PBEWithMD5AndDes is using MD5 and DES to generate the key; see the example code. Real-life implementations should use a much higher number of iterations.

How does that differ from just using MD5 or just DES? That's what I would like to know.

In theory, you may use pure MD5 or DES, but today's computers could guess the passwords very fast.

Please note DES and MD5 are obsolete today. An MD5 collision can be found in under a minute on commodity hardware, and DES is using a 64-bit key, which is pretty short to be considered secure today.

gusto2
  • 1
    So it's more secure using a combination of MD5andDES? – Daredevil Jan 11 '19 at 10:10
  • @Daredevil the combination may be more secure than the pure hash, but I wouldn't consider it generally secure enough without proving otherwise – gusto2 Jan 11 '19 at 10:17
  • MD5 and DES are different algorithms for different things. MD5 is a hash algorithm and DES is a symmetric encryption algorithm. It's not like you can use one or the other. You have to use both. What you can do is use better algorithms for the two, for example SHA256 + AES. In practice you could check the PBKDF2 algorithm for a better PBE implementation. – Nicolás Piquerez Nov 20 '19 at 17:23
7

PBEWithMD5AndDES in the Java cryptographic infrastructure is the algorithm described in https://docs.oracle.com/javase/9/docs/specs/security/standard-names.html#cipher-algorithm-names. The algorithm is the one described in PKCS#5 (https://www.rfc-editor.org/rfc/rfc2898#section-6.1.1).

Basically, in the first step, the algorithm turns the password into a key. This is called key derivation, and uses MD5 as a "scrambling" function. The output provides an IV and key suitable for DES in CBC mode, which are used in the second step to encrypt.

The algorithm is not secure any more, mainly because DES uses only 56-bit keys, which is too short against modern attacks (e.g. https://crack.sh/). Even though MD5 is prone to collisions, this might actually not be a problem here (collisions would only give alternative passwords for a given key, but the key is not conveyed).

Community
hobgoblin
2

PBE stands for "Password Based Encryption", a method where the encryption key (which is binary data) is derived from a password (text).

Henry
  • How does that differ from just using MD5 or just DES? That's what I would like to know. – Daredevil Jan 11 '19 at 09:49
  • @Daredevil Encryption requires keys, not passwords. DES provides (insecure) encryption, but in order to encrypt, you need a cryptographic key. One might try to hash a password to derive an encryption key. This is called password-based key derivation (PBKDF). MD5 is a hash function, but it is insecure, and is especially not suitable for PBKDFs -- one of the main requirements for security is that PBKDFs need to be slow so attackers cannot brute force them. MD5 does not meet this requirement. See point 6 in https://littlemaninmyhead.wordpress.com/2017/04/22/top-10-developer-crypto-mistakes/. – TheGreatContini Jan 11 '19 at 11:40
  • 1
    The jasypt library implementation of PBEWithMD5AndDes, by default, uses an 8-byte random salt plus 1000 iterations of the hash algorithm. Further, by default, the unencrypted salt is prefixed to the output encrypted bytes to make it available for decryption. It's not clear to me that these measures are enough to overcome the inherent weakness in the MD5 and DES algorithms. This is probably why PBES1 is deprecated for new applications in favor of PBES2 (see RFC 2898). – Charlie Reitzel Nov 30 '20 at 19:15