How you derive the 128, 192 (or 256) bit key is outside of the AES specification. It takes as input that key; what you do to come up with the key is not its concern. Now, we typically don't convert a user's password directly into a key; we normally either generate it from a Key Derivation Function (with inputs that may include the results of a key exchange operation), or possibly use the output of a secure random number generator directly (and contrive to somehow transmit this key to the other side). The problem with using a user's password directly is that the password is the weakest part of the system: it is far easier to try to guess a password than to break AES (or a key exchange operation).

The key expansion generates the 11, 13 or 15 subkeys that AES uses (depending on the key size). The initial 1, 3/2 or 2 blocks will be bits taken directly from the entered key; however, that's not important to how AES works.

The usual practice is using Password-Based Key Derivation Functions (PBKDF) like PBKDF2, Bcrypt, Argon2, BalloonHash, etc. Keep in mind that they cannot increase the strength of the input. Therefore, a user must choose a good password with enough strength, like a password generated with the Diceware method. In some applications like disk encryption, a uniform random key is generated for the disk encryption, and this is encrypted with the key derived from the user's password.
I'm reading about the key expansion for AES but I can't seem to find the answer to this question yet. This is the algorithm from the book:

procedure KeyExpansion(byte K, byte W) ? Nk ≤ 6

The book refers to a cipher key and the expanded key (or key schedule).

Question 1: In the first line, this procedure is taking a key. What is the key object that needs to be accepted by this function? It looks like this key already has the requisite number of 32-bit words for 128 or 192 (since this is the key expansion for 6 columns or less) but how would you get that from a user's random length password? Would PKCS7 have already been run so that the key is padded?

Question 2: Is this showing that the user's actual entered key is part of the key schedule or are all keys in the schedule derived from the user's actual raw input key?
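
Both answers above can be seen in one added example (not code from the book or from the original page): a password of any length goes through PBKDF2 to become a fixed-size key, and the key expansion then copies that key unchanged into the first words of the schedule. The example also covers the 256-bit case, which the book's Nk ≤ 6 procedure leaves out; the password, salt and iteration count are constructed assumptions.

```python
import hashlib

def _gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def _build_sbox():
    """S-box = field inverse followed by the FIPS-197 affine transform."""
    box = []
    for x in range(256):
        inv = next((y for y in range(1, 256) if _gf_mul(x, y) == 1), 0)
        s = inv ^ 0x63
        for i in range(1, 5):
            s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
        box.append(s)
    return box

SBOX = _build_sbox()

def derive_key(password, salt, bits=128, iterations=600_000):
    """Password of any length -> fixed-size AES key (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=bits // 8)

def key_expansion(key):
    """Return the Nr+1 round keys (16 bytes each) for a 16/24/32-byte key."""
    if len(key) not in (16, 24, 32):
        raise ValueError("AES keys are exactly 16, 24 or 32 bytes; no padding is applied")
    nk, rcon = len(key) // 4, 1
    w = [list(key[4 * i:4 * i + 4]) for i in range(nk)]  # W[0..Nk-1] = raw key
    for i in range(nk, 4 * (nk + 7)):                     # 4*(Nr+1) words, Nr = Nk+6
        t = list(w[i - 1])
        if i % nk == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]          # RotWord, then SubWord
            t[0] ^= rcon
            rcon = _gf_mul(rcon, 2)
        elif nk > 6 and i % nk == 4:                      # extra SubWord, AES-256 only
            t = [SBOX[b] for b in t]
        w.append([a ^ b for a, b in zip(w[i - nk], t)])
    return [bytes(b for word in w[4 * r:4 * r + 4] for b in word) for r in range(nk + 7)]

if __name__ == "__main__":
    key = derive_key("correct horse battery staple", b"constructed-salt")  # constructed inputs
    round_keys = key_expansion(key)
    print(len(round_keys), round_keys[0] == key)
```

In real use the salt would be random per password and stored alongside the ciphertext.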