Search code examples
javaandroidsecurityaespbkdf2

PBEWITHSHA256AND256BITAES-CBC-BC on Android : number of iterations for keygeneration and cipher?

I'm using PBEWITHSHA256AND256BITAES-CBC-BC with BouncyCastle.

public static String algorithm = "PBEWITHSHA256AND256BITAES-CBC-BC";

I've done this method to generate the secret key:

private void generateSK(char[] passPhrase, byte[] salt) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidAlgorithmParameterException, InvalidKeyException {
    pbeParamSpecKey = new PBEParameterSpec(salt,1000);
    PBEKeySpec pbeKeySpec = new PBEKeySpec(passPhrase);
    SecretKeyFactory secretKeyFactory;

    secretKeyFactory = SecretKeyFactory.getInstance(algorithm);
    secretKey = secretKeyFactory.generateSecret(pbeKeySpec);
}

and then this to generate a Cipher object (for encryption or decryption):

protected Cipher getCipher(int mode) {
    try {
        Cipher cipher = Cipher.getInstance(algorithm);
        cipher.init(mode, secretKey, pbeParamSpecKey);

        return cipher;
    }catch (Exception e) {
        e.printStackTrace();
        return null;
    }
}

The pbeParamSpecKey need to be the same? How much is "important" (in terms of security) the number of iterations generating the key and the one generating the Cipher object? Can they be different?

Solution

  • The pbeParamSpecKey need to be the same? How much is "important" (in terms of security) the number of iterations generating the key and the one generating the Cipher object?

    This is a hard question that you need to answer yourself. The general guidance is, as large as possible without annoying the user too much, but 1000 iterations is a bit low nowadays.

    The next thing you need to do is try to benchmark your application on different devices that your user group probably has. Then you can fine-tune accordingly.

    Maybe you can slightly redesign your app so that the key derivation happens in the background during idle phases and can therefore take a longer time. Though, this may introduce other problems like keeping the derived key safe and not leakable.

    Can they be different?

    AES is a symmetric block cipher and as such needs the same key for encryption and decryption. To generate the same key, you need to use the same password, salt and number of iterations for PBKDF2.