AES/Rijndael expert needed
#4
Much better idea would be to use a key derivation function like PBKDF2 with ïnitial symmetric key as salt with some good iterations count. Applying the password directly is a bad idea, you are weakening the cryptosystem. Assuming your symmetric key was generated using a good RNG, concatenating it to the password reduces the key entropy.

If the initial symmetric key is unknown to the attacker and is not reused with other passwords, you would be much beter off mixing (XOR-ing) the key with the password rather than concatenating them.


Messages In This Thread
AES/Rijndael expert needed - by kantigor - 06-04-2012, 01:05 PM
RE: AES/Rijndael expert needed - by undeath - 06-04-2012, 01:09 PM
RE: AES/Rijndael expert needed - by Hash-IT - 06-04-2012, 01:30 PM
RE: AES/Rijndael expert needed - by gat3way - 06-04-2012, 03:06 PM
RE: AES/Rijndael expert needed - by Incisive - 06-07-2012, 07:10 AM
RE: AES/Rijndael expert needed - by kantigor2 - 06-09-2012, 11:40 PM