User (Old forums)MemberSeptember 8, 2008 at 2:25 pmPost count: 23064In its purest form,SetSecretKeyFromPassPhraseperforms a simple, single hashing of the specified pass phrase. The hashing method can be set using theHashingMethodproperty of the encryption method object.
There are three possible scenarios:
1) The Hashing Method object has an HashSize equals to the requested key length. The hashing is performed only once. The resulting SecretKey will be the exact calculated HashValue of the specified pass phrase.
2) The Hashing Method object has an HashSize greater than the requested key length. The hashing is performed only once. The resulting SecretKey will be the n first bytes of the calculated HashValue. Where n is the requested key length.
3) The Hashing Method object has an HashSize smaller than the requested key length. The hashing is performed multiple times. Each time, the appended hash value is calculated on the full length of the previously concatenated results. Obviously, the result of the last appended hash value can be truncated according to the remaining key bits needed.
In practice, the hashing will never be performed more than twice because, in the Xceed Encryption Library, the smallest supported hash size is 128 bits long (Haval) and the longest symmetric key size is 256 bits long (Twofish and Rijndael).
For example, given the previous setup (Haval-128 and Rijndael-256), SetSecretKeyFromPassphrase will do the following:
K = H( PS ) | H( H( PS ) )
K is the resulting secret key,
H is the hash calculation method,
| is the concatenation operator and
PS is the passphrase.
An hypothetical Haval-128 and ÜberCry-384(tm) setup would produce the following:
K = H( PS ) | H( H( PS ) ) | H( H( PS ) | H( H( PS ) ) )
(I hope I got my parenthesis right)
(These ones too)
This notation is more readable:
K1 = H( PS )
K2 = H( K1 )
K3 = H( K1 | K2 )
K = K1 | K2 | K3
Naturally, it is recommended to use an hash size greater or equal to the needed secret key length so that you benefit from all the entropy of your pass phrase. This is assuming your pass phrase is as strong as the requested secret key length (see PassPhrase).
Imported from legacy forums. Posted by Xceed admin (had 1656 views)
- You must be logged in to reply to this topic.