
I know about storing passwords as salted hashes and I know it is even safe enough for Linux. But even before I knew this, I was wondering if it is safe to store a password in an AES container encrypted with the password itself.

In case my question got incomprehensible, some pythonish pseudo code:

AES(data=password, key=password)
Kazimierz Jawor
Schnusch
  • This question belongs on security.stackexchange.com, not here. Cryptography is a specialist subject, which unlike regular programming cannot always be verified through simple experiments; DO NOT trust regular programmers to answer cryptography questions correctly. – Robin Green Nov 30 '13 at 23:03
  • 2
    @RobinGreen It actually belongs on http://crypto.stackexchange.com. Note that there are a few crypto people on this forum :P – Maarten Bodewes Dec 02 '13 at 00:27

1 Answer

No, that is not as safe as using a Password Based Key Derivation Function. The most important issue with passwords is dictionary and brute force attacks - trying passwords, in other words. Now the outcome of AES(data=password, key=password) is always the same value (as the calculation does not contain any salt). This means that building a rainbow table is possible. Furthermore, AES is very fast, so it is very easy for attackers to check many passwords.

So you are much better off using a PBKDF such as PBKDF2, bcrypt or scrypt, with a high iteration count and at least 64 bits of random salt.

Rob Napier
Maarten Bodewes
  • See also http://stackoverflow.com/questions/19732232/rc4-safe-to-use-plaintext-as-the-key-to-encrypt-itself, where I describe essentially the same thing for RC4 rather than AES. In order to make this scheme secure, it would need to be `AES(data=password, key=PBKDF(password))`, which just adds a useless step on top of `PBKDF(password)`. – Rob Napier Dec 02 '13 at 00:47
  • Does this answer your question Schnusch? If it does, please hit the V mark to the left to accept, otherwise indicate what is missing from the answer. – Maarten Bodewes Dec 06 '13 at 15:59