CODEWITHSUNDEEP
iosobjective-caesnsdata
LettersBa
LettersBa

Reputation: 767

AES256 more than 32Bytes

I have this Objective-c Code that Converts a NSData to AES256, recently I discovered that the maximum number of password is 32 bytes:

- (NSData *)AES256EncryptWithKey:(NSString *)key {
    // 'key' should be 32 bytes for AES256, will be null-padded otherwise
    char keyPtr[kCCKeySizeAES256+1]; // room for terminator (unused)
    bzero(keyPtr, sizeof(keyPtr)); // fill with zeroes (for padding)

    // fetch key data
    [key getCString:keyPtr maxLength:sizeof(keyPtr) encoding:NSUTF8StringEncoding];

    NSUInteger dataLength = [self length];

    //See the doc: For block ciphers, the output size will always be less than or
    //equal to the input size plus the size of one block.
    //That's why we need to add the size of one block here
    size_t bufferSize = dataLength + kCCBlockSizeAES128;
    void *buffer = malloc(bufferSize);

    size_t numBytesEncrypted = 0;
    CCCryptorStatus cryptStatus = CCCrypt(kCCEncrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding,
                                          keyPtr, kCCKeySizeAES256,
                                          NULL /* initialization vector (optional) */,
                                          [self bytes], dataLength, /* input */
                                          buffer, bufferSize, /* output */
                                          &numBytesEncrypted);
    if (cryptStatus == kCCSuccess) {
        //the returned NSData takes ownership of the buffer and will free it on deallocation
        return [NSData dataWithBytesNoCopy:buffer length:numBytesEncrypted];
    }

    free(buffer); //free the buffer;
    return nil;
}

- (NSData *)AES256DecryptWithKey:(NSString *)key {
    // 'key' should be 32 bytes for AES256, will be null-padded otherwise
    char keyPtr[kCCKeySizeAES256+1]; // room for terminator (unused)
    bzero(keyPtr, sizeof(keyPtr)); // fill with zeroes (for padding)

    // fetch key data
    [key getCString:keyPtr maxLength:sizeof(keyPtr) encoding:NSUTF8StringEncoding];

    NSUInteger dataLength = [self length];

    //See the doc: For block ciphers, the output size will always be less than or
    //equal to the input size plus the size of one block.
    //That's why we need to add the size of one block here
    size_t bufferSize = dataLength + kCCBlockSizeAES128;
    void *buffer = malloc(bufferSize);

    size_t numBytesDecrypted = 0;
    CCCryptorStatus cryptStatus = CCCrypt(kCCDecrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding,
                                          keyPtr, kCCKeySizeAES256,
                                          NULL /* initialization vector (optional) */,
                                          [self bytes], dataLength, /* input */
                                          buffer, bufferSize, /* output */
                                          &numBytesDecrypted);

    if (cryptStatus == kCCSuccess) {
        //the returned NSData takes ownership of the buffer and will free it on deallocation
        return [NSData dataWithBytesNoCopy:buffer length:numBytesDecrypted];
    }

    free(buffer); //free the buffer;
    return nil;
}

I wonder if it is possible to find some way to increase these bytes? Causing the password to be larger than 32 digits, it is possible?

Upvotes: 0

Views: 1208

Answers (2)

Artjom B.
Artjom B.

Reputation: 61952

AES doesn't use a password, but a key. AES-256 for example is only defined for a 256-bit key (32 bytes). You can of course use password-based derivation functions to derive a key from a password.

Popular choices are PBKDF2, bcrypt and scrypt (with increasing slowness - the slower the better). They are essentially hash functions that take an arbitrary binary string and give a (variable) fixed output.

A good value for PBKDF2 is 86,000 iterations. Also, use a random salt. You can then generate enough output for the key and IV.

CBC mode (which is the default for CCCrypt) is not semantically secure if used with a static IV such as the all zeros IV in your code. Use at least CBC mode with a random IV or even better an authenticated mode like GCM or EAX. If an authenticated mode is not available, you need to apply a message authentication code to your ciphertext (encrypt-then-MAC) in case your system is vulnerable to a random oracle attack.

Upvotes: 2

zaph
zaph

Reputation: 112855

  1. A byte is not a digit.

  2. 256-bit keys are well beyond brute force cracking.

  3. Do not use a password for the encryption key. If you need to use a password use a Password Key Derivation Function such as PBKDF2 to create a secure encryption key from the password. The password can be of any length and the PBKDF2 function will generate a secure encryption key of the correct length. Specify an iteration count of > 10K.

  4. Getting CCCrypt to work is the trivial part of creating a secure encryption scheme.

  5. Consider using RNcryptor, it will handle these details and more.

  6. You will need to handle the security of the password/key, that is not easy.

Upvotes: 3

Related Questions