Password to Symmetric Key Algorithm ???
Posted: Sun Apr 24, 2011 2:39 am
Hi Paul.
I'm Steve Gibson. I have some background in computers, technology, security and encryption. For the past 5 and a half years I have been co-producing, with Leo Laporte, a weekly podcast called "Security Now!", and my web site is http://grc.com.
I'm writing because I am curious about a few aspects of the specific approach(s) you used with AESCrypt:
It appears that you are pseudo-randomly generating a 128-bit initialization vector (IV) and 256-kit key, which are then encrypted using (presumably) a hash (SHA256?) of the user's provided password. What I'm most curious about is where/how you generated the pseudo-random material for the pre-encrypted the IV and Key??
As you doubtless know, high quality cryptographically strong random numbers are notoriously difficult to obtain since operating systems are inherently deterministic. The only obviously weakness that might exist in your solution could surround the source of randomness for the IV and Key before they are encrypted under the user's key.
Just curious! Thanks!!
/Steve.
I'm Steve Gibson. I have some background in computers, technology, security and encryption. For the past 5 and a half years I have been co-producing, with Leo Laporte, a weekly podcast called "Security Now!", and my web site is http://grc.com.
I'm writing because I am curious about a few aspects of the specific approach(s) you used with AESCrypt:
It appears that you are pseudo-randomly generating a 128-bit initialization vector (IV) and 256-kit key, which are then encrypted using (presumably) a hash (SHA256?) of the user's provided password. What I'm most curious about is where/how you generated the pseudo-random material for the pre-encrypted the IV and Key??
As you doubtless know, high quality cryptographically strong random numbers are notoriously difficult to obtain since operating systems are inherently deterministic. The only obviously weakness that might exist in your solution could surround the source of randomness for the IV and Key before they are encrypted under the user's key.
Just curious! Thanks!!
/Steve.