hashcat Forum
AES Encryption - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Misc (https://hashcat.net/forum/forum-15.html)
+--- Forum: General Talk (https://hashcat.net/forum/forum-33.html)
+--- Thread: AES Encryption (/thread-3576.html)



AES Encryption - TrAnn3l - 07-29-2014

Hello Guys,

your crypto-knowledge is wanted Big Grin

At the moment i'm coding a program which should be able to keep the passwords of the users. Of course i don't want to save them in plain text, so i thought out sth.

The passwords will be saved AES256-CTR (i known that it doesn't have to do with hashes) encrypted, but this is secondary. I want to ask you, what you think about the key and IV generation.
So first the Key.
The key is at first about 70 characters long and consist of computer-specific things like OS or Username. To get to the 256 bit length, this key get hashed, using SHA256. So at the moment the key is on every PC Unique. But in the next time i want to make more unique.

Now to the IV. The IV is 128bit long and consist out of parts of the key, because i don't want to save the IV anywhere.

And after that, the Password gets encrypted. What do you think about it? Are there any weak spots, which i didn't care about?
Thanks for your replies Smile


RE: AES Encryption - hypn0s - 07-30-2014

In a crypto-system, the key is supposed to be secret. In your system, the key is based on OS, username... that is NOT secret at all and anybody who access the computer (or its information) would be able to generate that key.

You should let the user enter a key by himself (secret and not based on known information) and hash it with a strong hash function such as PBKDF2 with 10000 rounds of salted SHA512.

You cannot base the IV on the key because its entropy is way too low.

I recommend you to read some articles (wikipedia is a good start):
http://en.wikipedia.org/wiki/Kerckhoffs's_principle
http://en.wikipedia.org/wiki/Key_derivation_function
http://en.wikipedia.org/wiki/Initialization_vector


RE: AES Encryption - TrAnn3l - 07-31-2014

Thanks for this reply.
I build in your suggestion.
So the key gets now generated, using the system-dependent information AND an user-key, with PBKDF2 with 10000 rounds of salted SHA512.
I still include the system-dependent information, because i think even when you have access to the computer, it would be quite hard to get all the information which i use, and this is quite a lot.

Th IV gets filled with information out of a GUID, which gets new generated for each password.

What do you think now?