07-29-2014, 09:02 PM
Hello Guys,
your crypto-knowledge is wanted
At the moment i'm coding a program which should be able to keep the passwords of the users. Of course i don't want to save them in plain text, so i thought out sth.
The passwords will be saved AES256-CTR (i known that it doesn't have to do with hashes) encrypted, but this is secondary. I want to ask you, what you think about the key and IV generation.
So first the Key.
The key is at first about 70 characters long and consist of computer-specific things like OS or Username. To get to the 256 bit length, this key get hashed, using SHA256. So at the moment the key is on every PC Unique. But in the next time i want to make more unique.
Now to the IV. The IV is 128bit long and consist out of parts of the key, because i don't want to save the IV anywhere.
And after that, the Password gets encrypted. What do you think about it? Are there any weak spots, which i didn't care about?
Thanks for your replies
your crypto-knowledge is wanted
At the moment i'm coding a program which should be able to keep the passwords of the users. Of course i don't want to save them in plain text, so i thought out sth.
The passwords will be saved AES256-CTR (i known that it doesn't have to do with hashes) encrypted, but this is secondary. I want to ask you, what you think about the key and IV generation.
So first the Key.
The key is at first about 70 characters long and consist of computer-specific things like OS or Username. To get to the 256 bit length, this key get hashed, using SHA256. So at the moment the key is on every PC Unique. But in the next time i want to make more unique.
Now to the IV. The IV is 128bit long and consist out of parts of the key, because i don't want to save the IV anywhere.
And after that, the Password gets encrypted. What do you think about it? Are there any weak spots, which i didn't care about?
Thanks for your replies