Key Stretching Algorithms – CompTIA Security+ SY0-501 – 6.2

One way to extend the capabilities of a relatively small key size is to implement key stretching. In this video, you’ll learn about the libraries that application developers can use to stretch their keys.

<< Previous Video: Hashing Algorithms Next: Obfuscation >>

When we’re implementing encryption in our applications, we may find that the encryption method in use is using some very short keys. And as we are aware, shorter keys generally mean a more weaker form of encryption.

One way to use a stronger type of encryption using this weak key is to send it through multiple processes. So you might hash a password, and then hash the hash of the password, and then hash the hash of the hash of the password, and so on. This is called key stretching or key strengthening. This means that they would have to spend much more time performing their brute force even though, the key was relatively small, to begin with.

If you’re an application developer, there’s no need to write your own code to perform this key stretching. There are a number of libraries that will already do this for you. One good example is bcrypt. This will create hashes from passwords by going through multiple rounds of the Blowfish cipher to make that original process much, much stronger.

There’s also a library, which is the PBKDF2 or the password-based key derivation function 2. It’s part of the RSA public key cryptography standards, and it can also help strengthen or stretch your keys.