I am learning encryption algorithms in Java and stumbled upon this algorithm:
SecretKey key = SecretKeyFactory.getInstance(
"PBEWithMD5AndDES").generateSecret(keySpec);
I know it stands for Password Based Encryption with MD5 and DES algorithms. I know MD5 and DES are two separate algorithm encryption keys, but what exactly does PBEWithMD5AndDes mean as an algorithm?
There aren't many resources online that give a good explanation regarding this "algorithm".
I was hoping someone could give a simple and brief explanation of how this is different from a normal MD5 or normal DES algorithm.
PBEWithMD5AndDES: The PBES1 password-based encryption algorithm as defined in PKCS #5: Password-Based Cryptography Specification, Version 2.1. Note that this algorithm implies CBC as the cipher mode and PKCS5Padding as the padding scheme and cannot be used with any other cipher modes or padding schemes.
PBE with MD5 and DES is a cryptographic method using the Message Digest 5 (MD5) and Data Encryption Standard (DES) algorithms. MD5 is the message digest algorithm developed by Ronald Rivest in 1991. MD5 takes messages of any length and generates a 128 bit message digest.
6.2 PBES2: PBES2 combines a password-based key derivation function, which shall be PBKDF2 (Section 5.2) for this version of PKCS #5, with an underlying encryption scheme (see Appendix B.2 for examples). The key length and any other parameters for the underlying encryption scheme depend on the scheme.
StandardPBEStringEncryptor enables a user to specify the algorithm (and provider) to be used for encryption, the password to use, the number of hashing iterations and the salt generator that will be applied for obtaining the encryption key. PooledPBEStringEncryptor is an enhanced version of StandardPBEStringEncryptor.
Extending the previous answer
what exactly does PBEWithMD5AndDes means as an algorithm?
PBE is using an encryption key generated from a password, random salt and number of iterations, see the KeySpec parameters.
KeySpec pbeSpec = new PBEKeySpec(password.toCharArray(), psswdSalt, PBKDF_INTERATIONS, SYMMETRIC_KEY_LENGTH);
The idea is that passwords tend to be short and not random enough, so they are easy to guess. Using a number of iterations should make the guessing somewhat harder.
PBEWithMD5AndDes is using MD5 and DES to generate the key, see the example code. A real-life implementation should use a much higher number of iterations.
How does that differ with just using MD5 or just DES? That's what I would like to know.
In theory, you may use pure MD5 or DES, but today's computers could guess the passwords very fast.
Please note DES and MD5 are obsolete today. An MD5 collision can be found in under a minute on commodity hardware, and DES is using a 64-bit key, which is pretty short to be considered secure today.