0

what if the input key is less than 16 bytes? i found a solution, but its not a best practice.

//hashing here act as padding because any input given, it will generate fixed 20 bytes long.
MessageDigest sha = MessageDigest.getInstance("SHA-1");
key = sha.digest(key);
//trim the code to only 16 bytes.
key = Arrays.copyOf(key, 16);

I'm not planning to use salt because it is not necessary in my project. Is there any better way?

random peeps
  • 17
  • 4

2 Answers2

1

There are three approaches:

  1. Pad the key out to 16 bytes. You can use any value(s) you want to as padding, just so long as you do it consistently.

  2. Your scheme of using a SHA-1 hash is OK. It would be better if you could use all of the bits in the hash as the key, but 128 bits should be enough.

  3. Tell the user that the key needs to be at least N characters. A key that is too short may be susceptible to a password guessing attack. (A 15 character key is probably too long to be guessed, but 8 characters is tractable.) In fact, you probably should do some other password quality checks.

My recommendation is to combine 1. or 2. with 3 ... and password quality checks.

I'm not convinced that seeding the hash will make much difference. (I am assuming that the bad guy would be able to inspect your file encryption app and work out how you turn passwords into keys.) Seeding means that the bad guy cannot pre-generate a set of candidate keys for common / weak passwords, but he still needs to try each of the generated keys in turn.

But the flip-side is that using a crypto hash doesn't help if the passwords you start with are weak.

Stephen C
  • 698,415
  • 94
  • 811
  • 1,216
  • @Artjom B. Im referring to this post https://stackoverflow.com/a/3452620/14562641 – random peeps Dec 24 '20 at 11:54
  • thankyou so much for the explanation. But i think ill stick with the previous method because i think that for my program, the encryption happens a lot. I think its not suitable to ask user to enter 16 character repeatedly. – random peeps Dec 24 '20 at 11:56
1

Don't confuse keys and passwords. Keys are randomly generated and may consist of any possible byte value. Passwords on the other hand need to be typable by a human and usually rememberable. If the key is too short then either emit an error to the user or treat it as a password.

A key should then only be entered in encoded format such as hex or Base64. Only check the length when you successfully decode it.

A password has all kinds of issues that makes it brute forceable such as short length or low complexity. There you would need to use a password-based key derivation function such as PBKDF2 and a sufficiently large work factor (iterations) in order to make a single key derivation attempt so slow that an attacker would need much more time to check the whole input space.
You should combine that with some message to the user to give some hints that the password is too short or doesn't include some character classes and is therefore not recommended.

Artjom B.
  • 61,146
  • 24
  • 125
  • 222