Coding, maths and art

Key derivation

Most algorithms which permit user selected keys (such as symmetric encryption and MACs) require a binary key, typically 128 bits or more. This equates to a hexadecimal string of at least 32 characters. Most of us would struggle to remember such a key, or indeed to type it in accurately.

Generally most of us prefer using a password rather than a long binary key. The process of converting the password into a binary key is known as Key Derivation.

There are several ways to derive a key from a password, the most common being hash functions and psuedo-random number generators. We will also discuss the problem of dictionary attacks on weak passwords, and some methods to help avoid them.