0

When softwares such as ecryptfs use AES, it asks for a user password (such as "password123").

The AES algorithm by itself does not call for a user password. So where does the "password123" get thrown into the math?

I'm working to make a C function that encrypts some data using a password. I know the typical way of doing it with OpenSSL and an aes key, but I don't know how to get a user password integrated.

Dellowar
  • 3,160
  • 1
  • 18
  • 37
  • I have some experience working with SNMPv3,, their RFC suggests a method for deriving the key. It takes the password, the engineID, mashes them together, mixes them up,, and at the end you have your key. Take a look at section A.2.1 and A.2.2. The example shown is for MD5, but the same concepts apply AES: https://tools.ietf.org/html/rfc3414#section-2.6 – yano Nov 04 '16 at 04:07
  • 3
    AES is a symmetric cipher algorithm and does not use any keypairs; it uses a key or 128, 192, or 256 bits, which as @bartonjs answers can be derived from a password. _Asymmetric_ ciphers like RSA and ECIES use keypairs (and even then viewing them as 'lock and key' is usually misleading). – dave_thompson_085 Nov 04 '16 at 04:08
  • @dave_thompson_085 I was so ignorant about this comment. I had no idea what the difference between AES and RSA was. I finished this project in question and I realized the error of my ways lol – Dellowar Jan 05 '17 at 19:22

1 Answers1

6

You need to use a key derivation function (KDF). Password-Based Key Derivation Function 2 (PBKDF2) is the current most common approach.

OpenSSL probably exposes PBKDF2, it typically takes in a password and an iteration count (modern systems should use something like 100000 or higher... crank up the number until it takes about 0.3 seconds), and an output length. It may also take a hash function, something in the SHA-2 family (SHA256, SHA384, SHA512) would be a good modern choice.

bartonjs
  • 30,352
  • 2
  • 71
  • 111