When we're implementing encryption in our applications, we may find that the encryption method in use is using some very short keys. And as we are aware, shorter keys generally mean a weaker form of encryption. One way to get a stronger type of encryption from this weak key is to send it through multiple processes. So you might hash a password, then hash the hash of the password, then hash the hash of the hash of the password, and so on. This is called key stretching or key strengthening. It means that an attacker would have to spend much more time performing a brute-force attack, even though the key was relatively small to begin with.

If you're an application developer, there's no need to write your own code to perform this key stretching. There are a number of libraries that will already do this for you. One good example is bcrypt. This creates hashes from passwords by going through multiple rounds of the Blowfish cipher to make that original process much, much stronger. There's also a library function, PBKDF2, or the Password-Based Key Derivation Function 2. It's part of the RSA Public Key Cryptography Standards, and it can also help strengthen or stretch your keys.
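As an added illustration (my own code, not from the video or from any library it names), the Python below writes out the "hash of the hash" idea as a naive loop, then writes out PBKDF2 so the HMAC chaining is visible and checks it against Python's own hashlib.pbkdf2_hmac, and finally times how the work grows with the iteration count. The function names and sample inputs are constructed for this example.

```python
import hashlib
import hmac
import struct
import time


def naive_stretch(password: bytes, salt: bytes, rounds: int) -> bytes:
    """The idea from the text: hash, then hash the hash, and so on.
    Educational only; real code should use PBKDF2, bcrypt or similar."""
    digest = salt + password
    for _ in range(rounds):
        digest = hashlib.sha256(digest).digest()
    return digest


def pbkdf2_hmac_sha256(password: bytes, salt: bytes, iterations: int, dklen: int = 32) -> bytes:
    """PBKDF2 (PKCS #5 / RFC 8018) written out step by step with HMAC-SHA256.
    Each output block is the XOR of a chain of HMAC outputs: U1 = HMAC(P, S || i),
    U2 = HMAC(P, U1), ... and T_i = U1 ^ U2 ^ ... ^ Uc."""
    hlen = hashlib.sha256().digest_size
    out = b""
    block_index = 1  # PBKDF2 block counter is 1-based, big-endian 32-bit
    while len(out) < dklen:
        u = hmac.new(password, salt + struct.pack(">I", block_index), hashlib.sha256).digest()
        t = bytearray(u)
        for _ in range(iterations - 1):
            u = hmac.new(password, u, hashlib.sha256).digest()
            for i in range(hlen):
                t[i] ^= u[i]
        out += bytes(t)
        block_index += 1
    return out[:dklen]


def matches_stdlib(password: bytes, salt: bytes, iterations: int, dklen: int) -> bool:
    """True when the hand-written PBKDF2 agrees with hashlib.pbkdf2_hmac."""
    expected = hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen)
    return hmac.compare_digest(pbkdf2_hmac_sha256(password, salt, iterations, dklen), expected)


def stretch_cost_seconds(password: bytes, salt: bytes, iterations: int) -> float:
    """Wall-clock cost of one derivation; the brute-force cost scales the same way."""
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", password, salt, iterations)
    return time.perf_counter() - start


if __name__ == "__main__":
    pw, salt = b"correct horse", b"constructed-salt"  # constructed sample input
    print("matches hashlib:", matches_stdlib(pw, salt, 1000, 64))
    for n in (1_000, 100_000):
        print(f"{n:>7} iterations: {stretch_cost_seconds(pw, salt, n):.4f} s")
```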
