-2

The reason why I ask this question is that we all know that this algorithm will fill the plaintext data into a multiple of 32 bytes,
so how will the key with less than 32 bytes or more be handled?
Because aes256 encryption algorithm is used in many websites or programs,
and usually we don't set a 32 byte password.
In that case, how should the algorithm go on?
Or is there any place where I can perfectly read the algorithms of all modes of aes256?
I am willing to check the source code of the algorithm by myself.

(this is not an advertisement)
but before that, I wrote an encryption algorithm myself.
I named it "sn_aes2048", Its function is:
"if the plaintext data is not a multiple of 256 bytes,
it will be filled with a multiple of 256 bytes, and the key is the same operation.
16 rounds of encryption will be performed by default,
and the data of the key will be updated in each round of encryption.
You may not believe that this algorithm is both symmetric encryption and asymmetric encryption.
Yes, yes, it is an encryption algorithm similar to aes256."
Adriaan
  • 17,741
  • 7
  • 42
  • 75
  • Previously, I found several aes256 algorithms on GitHub, which are the source code of CTR and CFB mode (although I don't know whether it is the official source code). When I modify the key in the code to a length other than 32 bytes, the code can't be executed normally. Won't the aes256 encryption algorithm fill in the key? If the key will not be filled, how do we encrypt and decrypt the data with those passwords that are not equal to 32 bytes in length? –  May 17 '22 at 19:25
  • 2
    AES only accepts keys that are 16, 24, or 32 bytes in length. A password is not a key, but a key can be derived from a password by using a password-based key derivation function (PBKDF). Argon2 is a modern PBKDF, but bcrypt, scrypt and even the older but more common pbkdf2 are often used. The length of the plaintext has nothing to do with the length of the AES key. – President James K. Polk May 17 '22 at 19:56
  • Please don't make more work for other people by vandalizing your posts. By posting on the Stack Exchange network, you've granted a non-revocable right, under the [CC BY-SA 4.0 license](https://creativecommons.org/licenses/by-sa/4.0/), for Stack Exchange to distribute that content (i.e. regardless of your future choices). By Stack Exchange policy, the non-vandalized version of the post is the one which is distributed. Thus, any vandalism will be reverted. If you want to know more about deleting a post please see: [How does deleting work?](https://meta.stackexchange.com/q/5221) – Adriaan Sep 19 '22 at 12:28

1 Answers1

2

The reason why I ask this question is that we all know that this algorithm will fill the plaintext data into a multiple of 32 bytes,

AES is a block cipher, which must be used with a mode of operation to be used as a general cipher. Some mode of operations (ECB, CBC) require padding (or ciphertext stealing) to be able to operate. So AES - the block cipher algorithm - doesn't do that, and many more modes of operation (CTR, GCM) don't require padding at all.

so how will the key with less than 32 bytes or more be handled?

AES - the block cipher - supports key sizes of 128, 192 and 256 bits, and that's it. It doesn't perform any actions on the key itself.

and usually we don't set a 32 byte password.

Yes but a password is not a key. Both are secrets, but there are different requirements for keys and passwords. You can indeed use a password based key derivation function (PBKDF) as has been commented below. Other methods exist as well such as PAKE schemes.

You may not believe that this algorithm is both symmetric encryption and asymmetric encryption.

I don't believe it can be any good if you don't even understand the concepts of a symmetric key and a password - or the concept of padding which you're trying to re-invent, but feel free to publish a paper.

Or is there any place where I can perfectly read the algorithms of all modes of aes256?

Try "block cipher mode of operation" and "Padding" on Wikipedia for a start. Then buy a book or follow a course on Cryptography. It is an academic field - creating your own algorithm from scratch is like screwing together your own automobile.

Maarten Bodewes
  • 90,524
  • 13
  • 150
  • 263
  • OK, thank you. I'm going to review the knowledge of computer cryptography, but before that, I still have some questions. I hope you can answer, "is the key the initial value in the aes256 algorithm? If so, is it used to encrypt the passwords entered by subsequent users?" –  May 17 '22 at 20:22
  • The key is a parameter of the block cipher algorithm. I don't know what an "initial value" means, it is not common terminology. I know of an "initialization vector", which a key is not and should not be. How a keyed block cipher is used is entirely up to the scheme or protocol that it is used in, passwords have little to nothing to do with AES. I even wonder if the term "password" is present in the Rijndael book. Generally we use a PBKDF or "password hash" to derive a value from the password, which is then stored and compared when a password is entered. – Maarten Bodewes May 17 '22 at 20:27
  • Sometimes, when writing an encryption algorithm, I will take the key as an initial variable in the code, which is what I mean by "initial value", such as a 32 byte hexadecimal key: "uint8_t key [32]". I wonder if aes256 algorithm will place such an initial key variable in the source code? (I've seen the source code of aes256 encryption algorithm on GitHub before. In some codes, a key variable will be created.) –  May 17 '22 at 20:33