[Authentication] Clarification of algorithm: dh-ietf1024-aes128-cbc-pkcs7

Brad Hards bradh at frogmouth.net
Wed Dec 1 20:37:34 PST 2010


On Thursday, December 02, 2010 12:21:02 pm Ben Kibbey wrote:
> It may be inappropriate to ask here, but I noticed that an AES256 key
> length is 32 bytes and the size of an SHA512 hash is 64 bytes. How can
> an SHA512 hash be used as AES256 key material? I've run into this
> problem in my project. Maybe it depends on the crypto library?  I'm
> using libgcrypt.
It depends on the key derivation function. Typically (e.g. PBKDF1 or PBKDF2) 
you just truncate at the end. So if you're using SHA512, and you want a 128 
bit key, you take the first 128 bits. If you want a 256 bit key, you take the 
first 256 bits. Note that PBKDF2 allows for an unbounded key length (i.e. if 
you want 4096 bits of key, it can do that with MD5 or SHA1) - there is no
requirement that the hash size is longer than the key size. See RFC2898.

Brad
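
The truncation and the longer-than-hash case described in the reply above, as an added example that is not part of the original message. It uses Python's standard library rather than libgcrypt; the password, salt and iteration count are constructed sample values.

```python
import hashlib
import hmac
import struct


def pbkdf2(hash_name, password, salt, iterations, dklen):
    """PBKDF2 (RFC 2898, section 5.2) written out to expose its block structure."""
    hlen = hashlib.new(hash_name).digest_size
    nblocks = -(-dklen // hlen)  # ceil(dklen / hlen): blocks needed to cover dklen
    out = b""
    for i in range(1, nblocks + 1):
        # U_1 = PRF(P, S || INT(i)); U_j = PRF(P, U_{j-1}); T_i = U_1 ^ ... ^ U_c
        u = hmac.new(password, salt + struct.pack(">I", i), hash_name).digest()
        t = int.from_bytes(u, "big")
        for _ in range(iterations - 1):
            u = hmac.new(password, u, hash_name).digest()
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(hlen, "big")
    # The derived key is the first dklen bytes of T_1 || T_2 || ...
    return out[:dklen]


# Constructed sample inputs; a real salt is random and the iteration
# count is kept low here only so the example runs quickly.
PASSWORD = b"correct horse battery staple"
SALT = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
ITERATIONS = 1000


def derive_examples():
    """Return keys of several sizes derived from the same inputs."""
    return {
        # One SHA-512 block is 64 bytes; shorter keys are a prefix of it.
        "sha512_64": pbkdf2("sha512", PASSWORD, SALT, ITERATIONS, 64),
        "aes256": pbkdf2("sha512", PASSWORD, SALT, ITERATIONS, 32),
        "aes128": pbkdf2("sha512", PASSWORD, SALT, ITERATIONS, 16),
        # 4096 bits from a 160-bit hash: 26 blocks, the last one truncated.
        "sha1_4096bit": pbkdf2("sha1", PASSWORD, SALT, ITERATIONS, 512),
    }


if __name__ == "__main__":
    for name, key in derive_examples().items():
        print(f"{name:13s} {len(key) * 8:5d} bits  {key[:8].hex()}...")
```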

