I need to make a strong key for AES-256 in a) Unicode characters, b) key in bytes.

a) I have to generate 50 random Unicode characters and then convert them to bytes. Is it possible to use Unicode characters as an AES256 key? E.g., I want to use this page to create a password. Is there any way to import all characters from the Windows character table into a program in a Windows Forms app?

b) I'm using this code:

System.Security.Cryptography.AesCryptoServiceProvider key = new System.Security.Cryptography.AesCryptoServiceProvider();
key.KeySize = 256;
key.GenerateKey();
byte[] AESkey = key.Key;

Is it enough or should I change something?

Also, I have one more question. Will making an AES key longer than 43 ASCII characters be more secure, or will it be hashed to 256 bits anyway? And is there a difference between an ASCII key of 43 characters and one of 100?

  • Note that encryption is easy (only 80% get it wrong here) compared to key management. – Maarten Bodewes Jan 20 '16 at 22:46
  • @MaartenBodewes, can you explain "only 80% get it wrong here" please? – user5817386 Jan 21 '16 at 22:45
  • Well, a lot of crypto is not secure even if the question is answered. For instance, if you send CBC ciphertext to a receiver then it's likely to be vulnerable to padding oracle attacks, which may retrieve the plaintext in 128 tries per byte on average. There's people using ECB and even single DES. But encoding errors are probably most commonplace. – Maarten Bodewes Jan 21 '16 at 22:48
  • I see. Thank you for explaining. I guess there is no way to test my encrypted data until someone tries to hack it. – user5817386 Jan 21 '16 at 22:55
  • Well, if CBC is secure in your situation then that 4 line piece of code is probably OK :P – Maarten Bodewes Jan 21 '16 at 23:11

1 Answer

a) I have to generate 50 random Unicode characters and then convert them to bytes. Is it possible to use Unicode characters as an AES256 key?

Yes, this is possible. Since you have plenty of space for characters you can just encode it. ceil(32 / 3) * 4 = 44, so you'd have enough characters for this. You would not be using the additional space provided by Unicode encoding though. Obviously you would need to convert it back to binary before using it.

b) is aes.GenerateKey "enough"?

Yes, aes.GenerateKey is enough to generate a binary AES key.

c) Will making an AES key longer than 43 ASCII characters be more secure, or will it be hashed to 256 bits anyway? And is there a difference between an ASCII key of 43 characters and one of 100?

An AES key is not hashed at all. It's just 128, 192 or 256 bits (i.e. 16, 24 or 32 bytes) of data that should be indistinguishable from random (to somebody that doesn't know the value, of course). If you want to hash something you'd have to do it yourself - but please read on.

The important thing to understand is that a password is not a key, and that keys for modern ciphers are almost always encoded as binary. For AES there is no such thing as an ASCII key. If you need to encode the key, use base 64.

If you want to use a password then you need to use a key derivation function or KDF. Furthermore, if you want to protect against dictionary and rainbow table attacks you will want to use a password based key derivation function or PBKDF. Such a KDF is also called a "password hash". In case of .NET your best bet is Rfc2898DeriveBytes which implements PBKDF2. PBKDF2 is defined in the RFC 2898 titled: PKCS #5: Password-Based Cryptography Specification Version 2.0 which you may want to read.

Maarten Bodewes
  • Thank you for the great answer, sir. I implemented SHA256 (maybe I should use SHA384 or SHA512?). In conclusion - there is no need to make passwords longer than ~50 characters? – user5817386 Jan 21 '16 at 22:43
  • You're welcome. If you think it answers your question then don't forget to hit the V mark to the left and accept the answer. And welcome to StackOverflow of course! No, longer passwords are probably never required, if the character values are random enough. – Maarten Bodewes Jan 21 '16 at 22:44
  • Yes, it was really helpful. Thank you. – user5817386 Jan 21 '16 at 22:48
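
The base 64 round trip of a binary key and the Rfc2898DeriveBytes (PBKDF2) derivation described in the answer, as an added example that is not part of the original answer or written by its author. The class and method names, the sample passphrase, the 16-byte salt and the iteration count are assumptions; the four-argument constructor requires .NET Framework 4.7.2 or .NET Core 2.0 and later.

```csharp
using System;
using System.Security.Cryptography;

static class AesKeyExamples   // hypothetical class name
{
    // Binary key -> base 64 text for storage, and back to bytes before use.
    static void RandomKeyRoundTrip()
    {
        byte[] key = new byte[32];                      // 256 bits
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(key);

        string text = Convert.ToBase64String(key);      // ceil(32 / 3) * 4 characters
        byte[] restored = Convert.FromBase64String(text);
        Console.WriteLine("{0} chars -> {1} bytes", text.Length, restored.Length);
    }

    // Password -> key via PBKDF2. The salt and iteration count are not secret,
    // but they must be stored so the same key can be derived again.
    static byte[] KeyFromPassword(string password, byte[] salt, int iterations)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, iterations,
                                                HashAlgorithmName.SHA256))
            return kdf.GetBytes(32);                    // always 32 bytes, whatever the password length
    }

    static void Main()
    {
        RandomKeyRoundTrip();

        byte[] salt = new byte[16];                     // assumed salt size
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(salt);

        const int iterations = 600000;                  // assumed work factor; tune for your hardware
        string password = "constructed sample passphrase";
        byte[] k1 = KeyFromPassword(password, salt, iterations);
        byte[] k2 = KeyFromPassword(password, salt, iterations);
        Console.WriteLine("key bytes: {0}, reproducible: {1}",
            k1.Length, Convert.ToBase64String(k1) == Convert.ToBase64String(k2));
    }
}
```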