Photo by Towfiqu barbhuiya on Unsplash

Creating An Encryption Key from a Passphrase

I’ve lost count of the number of programs I’ve reviewed where a hashing method has been used to generate an encryption key from a passphrase. Overall this is not good practice, as it can be relatively easy to crack the encryption key, and there are flaws in the way that many of the hashing methods create a hash value. For example, MD5, SHA-1 and SHA-256 have fundamental weaknesses related to the length extension…