I'd suggest looking at the "Mash" function instead. You can find it in the
file "default.cpp" in the crypto distribution. The reason I suggest that is
because what you're proposing here doesn't benefit from long passphrases; if
you're using a typical 128-bit AES key, for example, it would only use the
first 20 bytes of the passphrase, no matter what, and then it would trim the
resulting hash to 16 bytes. While I can't tell if the second operation will
always reduce the entropy of your key, the first operation certainly would.
In other words, the algorithm you list below is insecure, because it does
not use the entire keyspace available to it. Dictionary attacks are still
possible.
--Guy
----- Original Message -----
From: "Voronkov Konstantin" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, September 11, 2003 3:50 AM
Subject: Re: encryption with pass-phrase
> Hello again,
>
> I'm going to use following algorithm:
>
> key_size=0
> string=pass-phrase
> key_from_string=""
> while(key_size < key_required_size)
> {
> key_from_string+=SHA1(string)
> string+=key_from_string
> key_size += 20 bytes
> }
> The obtained key_from_string is key for encryption.
>
> Is it secure to use following algorithm?
> Does CryptoPP suggests something better?
>
> Best Regards,
> Voronkov Konstantin
>
> ----- Original Message -----
> From: "Voronkov Konstantin" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Wednesday, September 10, 2003 4:04 PM
> Subject: encryption with pass-phrase
>
>
> > Hello All!
> >
> > Is there a way to encrypt something with pass-phrase instead of key
> > with CryptoPP 4.2? If not what is a standard and secure way for
> > generating encryption key from pass-phrase?
> >
> > Best Regards,
> > Voronkov Konstantin
> >
>
