How to implement password protection for individual files?

by

Key Generation

I would recommend using a recognized algorithm such as PBKDF2 defined in PKCS #5 version 2.0 to generate a key from your password. It’s similar to the algorithm you outline, but is capable of generating longer symmetric keys for use with AES. You should be able to find an open-source library that implements PBE key generators for different algorithms.

File Format

You might also consider using the Cryptographic Message Syntax as a format for your file. This will require some study on your part, but again there are existing libraries to use, and it opens up the possibility of inter-operating more smoothly with other software, like S/MIME-enabled mail clients.

Password Validation

Regarding your desire to store a hash of the password, if you use PBKDF2 to generate the key, you could use a standard password hashing algorithm (big salt, a thousand rounds of hashing) for that, and get different values.

Alternatively, you could compute a MAC on the content. A hash collision on a password is more likely to be useful to an attacker; a hash collision on the content is likely to be worthless. But it would serve to let a legitimate recipient know that the wrong password was used for decryption.

Cryptographic Salt

Salt helps to thwart pre-computed dictionary attacks.

Suppose an attacker has a list of likely passwords. He can hash each and compare it to the hash of his victim’s password, and see if it matches. If the list is large, this could take a long time. He doesn’t want spend that much time on his next target, so he records the result in a “dictionary” where a hash points to its corresponding input. If the list of passwords is very, very long, he can use techniques like a Rainbow Table to save some space.

However, suppose his next target salted their password. Even if the attacker knows what the salt is, his precomputed table is worthless—the salt changes the hash resulting from each password. He has to re-hash all of the passwords in his list, affixing the target’s salt to the input. Every different salt requires a different dictionary, and if enough salts are used, the attacker won’t have room to store dictionaries for them all. Trading space to save time is no longer an option; the attacker must fall back to hashing each password in his list for each target he wants to attack.

So, it’s not necessary to keep the salt secret. Ensuring that the attacker doesn’t have a pre-computed dictionary corresponding to that particular salt is sufficient.

More Related Contents:

  1. decrypt with public key [closed]
  2. Java 256-bit AES Password-Based Encryption
  3. Example of AES using Crypto++ [closed]
  4. Should I use an initialization vector (IV) along with my encryption?
  5. How does a cryptographically secure random number generator work?
  6. Encrypt and decrypt a string in C#? [closed]
  7. How do you Encrypt and Decrypt a PHP String?
  8. Simplest two-way encryption using PHP
  9. Is “double hashing” a password less secure than just hashing it once?
  10. Two-way encryption: I need to store passwords that can be retrieved
  11. Simple way to encode a string according to a password?
  12. JavaScript string encryption and decryption?
  13. Preferred Method of Storing Passwords In Database
  14. Difference between encoding and encryption
  15. Login without HTTPS, how to secure?
  16. implement RSA in .NET core
  17. How to decrypt an encrypted AES-256 string from CryptoJS using Java? [closed]
  18. iOS AES Encryption – Fail to Encrypt
  19. Password Verification with PBKDF2 in Java
  20. AES Encryption – Key versus IV
  21. Various questions about RSA encryption
  22. CryptoJS AES encryption and Java AES decryption
  23. Is it possible to decrypt MD5 hashes?
  24. What is the easiest way to encrypt a password when I save it to the registry?
  25. AES/CBC/PKCS5Padding in iOS objective c result differs from Android
  26. How to see the encrypted key in wireshark, during ssl key exchange?
  27. CryptographicException “Key not valid for use in specified state.” while trying to export RSAParameters of a X509 private key
  28. Is it possible to encrypt data with AES (256 bit) GCM mode in .net framework 4.7?
  29. AES string encryption in Objective-C
  30. How are the IV and authentication tag handled for “AES/GCM/NoPadding”?

Leave a Comment