Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Using MD5 to generate an encryption key from password?

Tags:

key

md5

aes

pbkdf2

I'm writing a simple program for file encryption. Mostly as an academic exercise but possibly for future serious use. All of the heavy lifting is done with third-party libraries, but putting the pieces together in a secure manner is still quite a challenge for the non-cryptographer. Basically, I've got just about everything working the way I think it should.

I'm using 128-bit AES for the encryption with a 128-bit key length. I want users to be able to enter in variable-length passwords, so I decided to hash the password with MD5 and then use the hash as the key. I figured this was acceptable--the key is always supposed to be a secret, so there's no reason to worry about collision attacks.

Now that I've implemented this, I ran across a couple articles indicating that this is a bad idea. My question is: why? If a good password is chosen, the cipher is supposed to be strong enough on its own to never reveal the key except via an extraordinary (read: currently infeasible) brute-force effort, right? Should I be using something like PBKDF2 to generate the key or is that just overkill for all but the most extreme cryptographic applications?

like image 385
Charles Avatar asked Oct 01 '09 03:10

Charles

People also ask

Can MD5 be used for encryption?

MD5 hashes are no longer considered cryptographically secure methods and should not be used for cryptographic authentication, according to IETF.

Is MD5 good for password hashing?

Unfortunately, MD5 has been cryptographically broken and considered insecure. For this reason, it should not be used for anything. Instead, developers should switch to the Secure Hash Algorithm or a Symmetric Cryptographic Algorithm.

Is MD5 decrypt possible?

The MD5 cryptographic algorithm is not reversible i.e. We cannot decrypt a hash value created by the MD5 to get the input back to its original value. So there is no way to decrypt an MD5 password. But, we can use something like brute force hacking, which is extremely resource-intensive, not practical, and unethical.

Is MD5 encryption or encoding?

The MD5 message-digest algorithm is a cryptographically broken but still widely used hash function producing a 128-bit hash value. Although MD5 was initially designed to be used as a cryptographic hash function, it has been found to suffer from extensive vulnerabilities.

1 Answers

This article on Key strengthening might help you. Basically you want to make the key stronger (more entropy than in a password) and make its derivation from the password reliably time consuming.

like image 200
Gleb Avatar answered Nov 12 '22 13:11

Gleb
Sign in to Comment

Related questions

C# - Check if specific key is pressed
Most convenient way to get the last key or value in a LinkedHashMap?
How to set a registry entry to use in inbound endpoint?
DSA Signing with OpenSSL
Get all versions of an object in an AWS S3 bucket?
Iterating through the union of several Java Map key sets efficiently
Entity Framework 4.3.1 -> 5.0 Exception: "EntityType has no key defined. Define the key for this EntityType."
How to detect when (forward) slash key is pressed in OEM keys C#
Eclipse: How to clone git over ssh with keyfile?
MongoDB case insensitive key search
Array of strings as hash function key?
How to specify a key for React children when mapping over an array
Fast hash for 2 coordinates where order doesn't matter?
Is it safe to use const char * literal as a std::map key?
How to sort a list by length and then in reverse alphabetical order
How to check if a key already exists in container?
JavaScript Symbol type: (non-string object keys)
Joining MySQL tables with key value pairs

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!