Password-based encryption in Java

We've discussed various types of encryption. In all cases, we've assumed that the key is essentially a series of random bytes. Sometimes they have structure: in the case of RSA encryption, for example, we actually construct a random modulus from two random prime numbers (see the description of the RSA algorithm). But essentially, we have a series of random bytes generated programmatically; we assume that the user doesn't, for example, select the two RSA primes, or choose the 16 bytes that form a 128-bit AES key.

Unfortunately, there are times when we do want the user to effectively select the encryption key. We might want to encrypt a file based on a passphrase entered by the user, so that it can be sent securely by e-mail. In this case, we want the only secret information to be the passphrase.

The technique of generating a secret key from a user-generated passphrase is usually called password-based encryption (PBE). As you might imagine, it is fraught with difficulty. In particular:

The typical result is fairly dire: most password-protected data is encrypted with weak encryption keys, and an attacker can spend all the processor time they like trying to guess that weak key with complete impunity.

A typical password-based encryption scheme attempts to alleviate these problems. On the next page, we discuss how PBE works in a typical situation.


If you enjoy this Java programming article, please share with friends and colleagues. Follow the author on Twitter for the latest news and rants.

Editorial page content written by Neil Coffey. Copyright © Javamex UK 2021. All rights reserved.