is AES key random?
Solution 1
The AES key can be any 128 bits. It should be be practically unguessable, whatever the method of creating it.
For Example:
SecureRandom sr = new SecureRandom()
key = new byte[16];
iv = new byte[16];
sr.nextBytes(key);
sr.nextBytes(iv);
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key,"AES"), new IvParameterSpec(IV));
SecretKeySpec
, by the way, is just a thin wrapper around a byte[] --- it does not transform the key in any way. No "special algorithm".
Solution 2
To add to the other answers ... I believe that the reason that the basic Random functions aren't secure are two reasons:
- Slight statistical biases that are acceptable for non-security related situations, but narrow the distributions unacceptably for security applications.
- They are seeded by the system DATETIME. Even knowing WHEN you generated your key - to a poor accuracy of +/- 6 months - would significantly reduce the brute force search space.
Solution 3
You can add a random algorithm using SecureRandom :
KeyGenerator keyGen = KeyGenerator.getInstance("AES");
SecureRandom random = new SecureRandom(); // cryptograph. secure random
keyGen.init(random);
SecretKey secretKey = keyGen.generateKey();
Solution 4
It sounds like you're trying to generate an AES key based on a password.
If this is the case, you can use javax.crypto.SecretKeyFactory's generateSecret
method, passing in a javax.crypto.spec.PBEKeySpec as the parameter. The PBEKeySpec allows to to specify the password as an argument to its constructor.
terentev
Updated on June 04, 2022Comments
-
terentev almost 2 years
AES key may be generate by this code
KeyGenerator kgen = KeyGenerator.getInstance("AES"); kgen.init(128);
but
If I have a "very reliable" method of generating random numbers can I use it in such a way
SecureRandom rnd = new SecureRandom(); byte[] key = new byte[16]; rnd.nextBytes(key);
is key obtained by this method reliable ?
or it ONLY must generated by some SPECIAL algorithm
-
terentev about 12 yearsYes but i unlike PBEKeySpec :)
-
terentev about 12 yearsi dont know what PBEKeySpec do (in it) ? :)
-
terentev about 12 yearsthis is I wanted to hear, I hope this is true :)
-
maybeWeCouldStealAVan about 12 yearsPBEKeySpecis an implementation of PBKDF2, a standard algorithm which uses many rounds of a hash algorithm and a salt to produce a binary key of a given length based on a passphrase. Essentially, it's a specialized secure pseudorandom generator using the passphrase and salt as a seed. If you're generating secure random numbers as your keys, then you don't need it. If you're using a human-memorizable passphrase to generate your key, PBKDF2 is a good choice to protect against dictionary attacks.
-
Paŭlo Ebermann about 12 years@user249654 Yes, it is. And don't use plain
java.util.Random
like in the question, use at least something like SecureRandom to avoid a fast brute-forcing of your key. -
maybeWeCouldStealAVan about 12 yearsOops, sloppy editing on my part.
SecretKeyFactory
can generate a secret key given the pashphrase, salt, number of rounds, and desired key size specified in aPBEKeySpec
object. It does so using any of several standard algorithms. One, for example, is "PBKDF2WITHHMACSHA1", a specific form of the PBKDF2 algorithm. -
Maarten Bodewes over 10 yearsNote that this answer was provided before the question was changed from
Random
toSecureRandom
- which is cheating in my opinion. -
Maarten Bodewes over 10 years@PaŭloEbermann Please also see this excellent question by Thomas. That it is secure does not necessarily mean that it is the best method of generating the secret key.