
Password-based Encryption

You should use a key derivation function, such as PBKDF2. A key derivation function takes a salt and a supplied user password, and produces a key that can be used with a cipher like AES.

To encrypt, you would prompt for a password, generate a random salt, and derive a key using the KDF. You would then use that key with AES in a suitable block cipher mode to encrypt the data, and store only the salt and the encrypted data (and whatever IV the cipher mode requires).

To decrypt, you would prompt for a password, load the salt from the file, and re-derive the key. You would then use that key to decrypt the file.

The purpose of the salt is to prevent precomputation optimisations from being applied to a dictionary attack. It is indeed possible to perform a brute-force dictionary attack once the salt is known, but the KDF is designed to be slow enough to make this infeasible without precomputation.
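The encrypt and decrypt procedures above, as an added example that is not code from the original post. It uses only the Go standard library: PBKDF2 with HMAC-SHA256 is written out by hand (RFC 8018, section 5.2) so the structure of the KDF is visible, and AES-256-GCM stands in for the "suitable block cipher mode" (the post names no particular mode). The salt length, iteration count, the stored layout `salt || nonce || ciphertext+tag`, and the function names `pbkdf2SHA256`, `Encrypt` and `Decrypt` are all choices made for this example; a real deployment would use a vetted PBKDF2 implementation rather than this hand-rolled one.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

const (
	saltLen    = 16     // random salt, stored in clear next to the ciphertext
	keyLen     = 32     // 32-byte key selects AES-256
	iterations = 600000 // PBKDF2 work factor (chosen for this example)
)

// pbkdf2SHA256 is PBKDF2 (RFC 8018 section 5.2) with HMAC-SHA256 as the PRF:
// T_i = U_1 xor U_2 xor ... xor U_c, where U_1 = PRF(P, S || INT(i)) and
// U_j = PRF(P, U_{j-1}). The c chained HMACs per block are what make it slow.
func pbkdf2SHA256(password, salt []byte, iter, dkLen int) []byte {
	prf := hmac.New(sha256.New, password)
	hLen := prf.Size()
	nBlocks := (dkLen + hLen - 1) / hLen
	var dk []byte
	for i := 1; i <= nBlocks; i++ {
		var idx [4]byte
		binary.BigEndian.PutUint32(idx[:], uint32(i)) // INT(i), big-endian
		prf.Reset()
		prf.Write(salt)
		prf.Write(idx[:])
		u := prf.Sum(nil) // U_1
		t := make([]byte, hLen)
		copy(t, u)
		for j := 1; j < iter; j++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil) // U_j
			for k := range t {
				t[k] ^= u[k]
			}
		}
		dk = append(dk, t...)
	}
	return dk[:dkLen]
}

// newGCM derives the AES key from password and salt and wraps it in GCM.
func newGCM(password, salt []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(pbkdf2SHA256(password, salt, iterations, keyLen))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt picks a fresh random salt and nonce, derives the key, and returns
// salt || nonce || ciphertext+tag. The salt is also bound as associated data.
func Encrypt(password, plaintext []byte) ([]byte, error) {
	salt := make([]byte, saltLen)
	if _, err := io.ReadFull(rand.Reader, salt); err != nil {
		return nil, err
	}
	gcm, err := newGCM(password, salt)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	out := make([]byte, 0, saltLen+len(nonce)+len(plaintext)+gcm.Overhead())
	out = append(out, salt...)
	out = append(out, nonce...)
	return gcm.Seal(out, nonce, plaintext, salt), nil
}

// Decrypt reads the salt back out of the blob, re-derives the key, and opens
// the ciphertext. A wrong password yields a key that fails GCM's tag check.
func Decrypt(password, blob []byte) ([]byte, error) {
	if len(blob) < saltLen {
		return nil, errors.New("ciphertext too short: no salt")
	}
	salt := blob[:saltLen]
	gcm, err := newGCM(password, salt)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(blob) < saltLen+ns+gcm.Overhead() {
		return nil, errors.New("ciphertext too short: no nonce or tag")
	}
	nonce, ct := blob[saltLen:saltLen+ns], blob[saltLen+ns:]
	return gcm.Open(nil, nonce, ct, salt)
}

func main() {
	// Constructed inputs; a real tool would prompt for the password instead.
	password := []byte("correct horse battery staple")
	msg := []byte("secret notes")
	blob, err := Encrypt(password, msg)
	if err != nil {
		panic(err)
	}
	got, err := Decrypt(password, blob)
	fmt.Printf("round trip ok: %v, err: %v\n", bytes.Equal(got, msg), err)
	_, err = Decrypt([]byte("wrong password"), blob)
	fmt.Printf("wrong password rejected: %v\n", err != nil)
}
```

Because the salt travels with the ciphertext, the same password encrypts to a different key every time, and a table precomputed for one salt is useless against another file; the 600,000 chained HMACs per derivation are what keep a per-file guessing attack expensive.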


Post Code on Blogger

The simplest way for me to post code to Blogger: <pre style="background: #f0f0f0; border: 1px dashed #CCCCCC; color: black;overflow-x:...