Home>

Is it safe to use the hash function Sha3-256 to convert a variable length string (password) to a 256bits fixed length key used in AES-256-CTR?
Also, I would be grateful if you could tell me any best practices related to it.


Pseudo code

string password = "password"
print (GetByteCount (password)) // 8
[] byte key = sha3.Sum256 (password)
print (GetByteCount (key)) // 32
[] byte encryption = aes.CTR.Encrypt (key, plaintext)
  • Answer # 1

    Using a simple hash of a password as an encryption key makes it vulnerable to password dictionary attacks. It may be okay in practice if the password is strong enough, but at least key generation with a simple hash is not a best practice.

    I think the best practice for password encryption is PKCS # 5: Password-based encryption specification version 2.1 (RFC 8018). I find it difficult to read RFC 8018, but RFC 8018 recommends a method called PBKDF2 as a key derivation function. PKBDF2 is available in many programming languages ​​and should be considered.

    The title "Key padding" is incorrect, isn't it? Padding is to fill in the remaining part of the last block in the block cipher.