O'Reilly logo

Java Cryptography by Jonathan Knudsen

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Passphrase Encryption

Passphrase encryption is a “quick-and-dirty” method for encrypting data. Instead of having to manage a private key in a file, a passphrase is used to generate a key. A passphrase is something a person can remember and type, which eliminates the need to store a key in a file somewhere. A passphrase is just like a password, except it’s usually longer. The key is constructed by calculating a message digest of the passphrase. The digest value is used to construct a key for a symmetric cipher.

The usual caveats about passwords apply to passphrases. People are likely to choose easy-to-remember passphrases, which are also easy to guess. Dictionary attacks are also possible, though a passphrase is usually longer than a password, thereby making dictionary attacks more expensive. People also are likely to keep their passphrases in wallets, stuck to computer monitors, tattooed on their foreheads, or in other obvious places. If you want a simple encryption method that provides moderate security, however, passphrase encryption may be sufficient.

Salt and Vinegar

You can reduce the efficiency of a dictionary attack by using salt . Typically, an attacker compiles a list of common or likely passphrases. Then he or she calculates the digest of each passphrase and stores it (this is the dictionary). Now the attacker can construct a key from each digest value to see if a piece of ciphertext decrypts or not.

Salt is additional data concatenated to the passphrase. The passphrase ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required