Now I have some free time to answer my own question, just in case someone else runs into the same problem.

I was completely misled by the assumption of how e.g. my hard drive encryption, OpenSSL etc. work (from a user perspective!). They use AES-256Bit encryption and can deal with passwords unequal to 256 Bit, _because_ they use e.g. PKCS#5, SHA256 or whatever to generate a key (with length 256 Bit if you use AES-256Bit) out of the password. A password used as direct input for a key shouldn't be used at all because it doesn't provide enough entropy.

This means the behavior of XMLsec is absolutely fine! Hope that helps someone else too.

On Sat, 2008-03-22 at 00:53 -0700, Aleksey Sanin wrote:
> Well, I am not doing "haha". I don't see reasons
> to try to explain this because I know that I can't
> do it better than, for example, Bruce Schneier did
> in his "Applied Cryptography"...
>
> Aleksey
>
> Stefan Schulze Frielinghaus wrote:
> > On Fri, 2008-03-21 at 10:52 -0700, Aleksey Sanin wrote:
> >> http://www.aleksey.com/xmlsec/related.html#books
> >>
> >> Best,
> >> Aleksey
> >
> > Ok I don't get it. Could you please be a little bit more specific than
> > "haha just RTFM".
> >
> > The http://www.w3.org/TR/xml-encryption-req and
> > http://www.w3.org/TR/xmlenc-core/ state that there is symmetric
> > encryption algorithms support like AES.
> >
> > Also your example applications like "encrypt2" use a password file which
> > needs a special length.
> >
> > All other documents around state symmetric key encryption (e.g.
> > http://www.ibm.com/developerworks/library/s-xmlsec.html ). So the
> > standard definitely supports that. Maybe I'm running in the wrong
> > direction ;-)
> >
> > -Stefan
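
The key-derivation step described in the message above, as an added example that is not part of the original thread or of XMLsec: a password of any length is stretched with PKCS#5 v2 (PBKDF2-HMAC-SHA256) into the 32 bytes AES-256 requires. The function names, the 16-byte salt and the iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

AES256_KEY_LEN = 32          # AES-256 needs exactly 256 bits of key material
PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune for your hardware


def is_valid_raw_aes256_key(data: bytes) -> bool:
    """A raw AES-256 key must be exactly 32 bytes; most passwords are not."""
    return len(data) == AES256_KEY_LEN


def derive_aes256_key(password: str, salt: bytes,
                      iterations: int = PBKDF2_ITERATIONS) -> bytes:
    """PBKDF2-HMAC-SHA256: any password length in, 32 key bytes out."""
    if len(salt) < 16:
        raise ValueError("salt should be at least 16 random bytes")
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt, iterations, dklen=AES256_KEY_LEN)


def new_key_record(password: str) -> dict:
    """Derive a key under a fresh random salt. Salt and iteration count are
    not secret and must be stored, or the key cannot be re-derived later."""
    salt = os.urandom(16)
    return {"salt": salt, "iterations": PBKDF2_ITERATIONS,
            "key": derive_aes256_key(password, salt)}


def rederive(password: str, record: dict) -> bytes:
    """Recompute the key from the password plus the stored parameters."""
    return derive_aes256_key(password, record["salt"], record["iterations"])


if __name__ == "__main__":
    password = "correct horse"  # constructed sample password, 13 bytes
    print("raw password usable as key:",
          is_valid_raw_aes256_key(password.encode()))
    rec = new_key_record(password)
    print("derived key usable as key:", is_valid_raw_aes256_key(rec["key"]))
    # Constant-time comparison when checking a re-derived key.
    print("re-derived key matches:",
          hmac.compare_digest(rederive(password, rec), rec["key"]))
```

The derived bytes, written to a file in binary mode, are what a tool expecting a raw AES-256 key file should receive instead of the password itself.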
