Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Im using AES and a salt String to encrypt my ‘passwords’, using a java program I made. (It uses AES symmetric encryption)
The user sets the message to be encrypted, the salt, the iterations, and 16 bytes for the key.
If i set it to use a high number of encryption and decryption iterations, say 255, will that really make my password any MORE secure than 1 iteration?
The short answer is yes.
Think of it like a Rubik’s cube (It’s not really the best example but bear with me). The plaintext is the cube in its solved state, the ciphertext its scrambled state. Each round of encryption is rotating one face of the cube once. It’s computationally much more difficult to solve the cube in the shortest possible number of moves if its more heavily scrambled. Breaking one round of AES would be the cryptographical equivalent of asking someone to solve a Rubik’s cube with one face rotated.
One such attack that can solve reduced rounds of encryptions efficiently is a SAT solver attack.
You should be using one way cryptographic operations for storing passwords anyway. I believe the preferred method is bcrypting, because it’s cryptographically secure (one way) and computationally intensive and thus very difficult to brute force.