Derive binary key from password
Often there is a need to generate a strong binary key from a text password. In particular, this is needed when a user-supplied password is used to encrypt some data with a strong symmetric algorithm. Using the password as a key 'as is' is bad practice, therefore a proper key shall be generated using some one-way function.
SecureBlackbox's TElSymmetricKeyMaterial class (SBSymmetricCrypto namespace) provides this capability via its set of DeriveKey() methods. You can choose one of the following options, depending on you project requirements:
The 'iterations' parameter specifies the complexity of the password-to-key routine, loosely speaking, how many times the password should be hashed before the result is returned as a key. The more iterations, the more secure is the procedure, as it slows down the brute force attack. The default number of iterations is 2048.
Note that DeriveKey() produces consistent results, and calling it repeatedly with the same parameters will yield the same key.
TElSymmetricCryptoFactory fac = new TElSymmetricCryptoFactory(); TElSymmetricCrypto aesCrypto = fac.CreateInstance(SBConstants.Unit.SB_ALGORITHM_CNT_AES256); TElSymmetricKeyMaterial km = new TElSymmetricKeyMaterial(); km.DeriveKey(256, "password", "salt"); km.IV = iv; // DeriveKey() only generates the key, not the IV, so we have to set that ourselves aesCrypto.KeyMaterial = km;