How should I create my DES key? Why is an 7-character string not enough?

security encryption cryptography key des
23,529

Solution 1

Each algorithm is designed to accept a certain key length. The key is used as part of the algorithm, and as such, can't be whatever your heart desires.

Common key sizes are:

  • DES: 56bit key
  • AES: 128-256bit key (commonly used values are 128, 192 and 256)
  • RSA (assymetric cryptography): 1024, 2048, 4096 bit key

A number, such as 1234567 is only a 4-byte variable. The key is expected to be a byte array, such as "1234567" (implicitly convertible to one in C) or `{ '1', '2', '3', '4', '5', '6', '7' }.

If you wish to pass the MD5 hash of your salted key to DES, you should use some key compression technique. For instance, you could take the top 7 bytes (somewhat undesirable), or perform DES encryption on the MD5 hash (with a known constant key), and take all but the last byte as the key for DES operation.

edit: The DES I'm talking about here is the implementation per the standard released by NIST. It could so be (as noted above), that your specific API expects different requirements on the length of the key, and derives the final 7-byte key from it.

Solution 2

DES uses a 56-bit key: 8 bytes where one bit in each byte is a parity bit.

In general, however, it is recommended to use an accepted, well-known key derivation algorithm to convert a text password to a symmetric cipher key, regardless of the algorithm.

The PBKDF2 algorithm described in PKCS #5 (RFC 2898) is a widely-used key derivation function that can generate a key of any length. At its heart, PBKDF2 is combining salt and the password through via a hash function to produce the actual key. The hash is repeated many times so that it will be expensive and slow for an attacker to try each entry in her "dictionary" of most common passwords.

The older version, PBKDF1, can generate keys for DES encryption, but DES and PBKDF1 aren't recommended for new applications.

Most platforms with cryptographic support include PKCS #5 key-derivation algorithms in their API.

Solution 3

The key must have size 64-bits but only 56-bits are used from the key. The other 8-bits are parity bits (internal use).

ASCII chars have 8-bit size.

Solution 4

You shouldn't pass you passwords straight into the algorithm. Use for instance the Rfc2898DeriveBytes class that will salt your passwords, too. It will work with any length.

Have a look here for an example.

EDIT: D'Oh - your question is not C# or .Net tagged :/

Share:
23,529
djdd87
Author by

djdd87

Updated on March 25, 2021

Comments

  • djdd87
    djdd87 about 3 years

    I'm having a bit of difficulty getting an understand of key length requirements in cryptography. I'm currently using DES which I believe is 56 bits... now, by converting an 8 character password to a byte[] my cryptography works. If I use a 7 digit password, it doesn't.

    Now, forgive me if I'm wrong, but is that because ASCII characters are 7 bits, therefor 8 * 7 = 56bits?

    That just doesn't seem right to me. If I want to use a key, why can I not just pass in a salted hash of my secret key, i.e. an MD5 hash?

    I'm sure this is very simple, but I can't get a clear understanding of what's going on.

  • brady
    brady almost 15 years
    Some right, some wrong. US-ASCII characters are only 7 bits. But thank you for pointing out that each byte of a DES key contains a parity bit.
  • Jaime Hablutzel
    Jaime Hablutzel almost 11 years
    Thanks to you for pointing out that there is one parity bit (discarded?) in each of the eight bytes.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

AES with password based SecretKeySpec vs PBE
Two SSL certificates with same key
Strength of RSA Encrypting an AES Key
How to make TLS connection from PHP in web server, and safely
SecureRandom safe seed in Java
Does encryption guarantee integrity?
Why is using a Non-Random IV with CBC Mode a vulnerability?
How are the IV and authentication tag handled for "AES/GCM/NoPadding"?
How to encrypt/decrypt data in php?
Encrypt Password in Configuration Files?