Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share

0 votes
263 views
in Technique by (71.8m points)

How to pad a key if the input key is not 16 byte in java encryption?

What if the input key is less than 16 bytes? I found a solution, but it's not a best practice.

import java.security.MessageDigest;
import java.util.Arrays;

// key is the caller-supplied byte[] that may be shorter than 16 bytes.
// Hashing here acts as padding: whatever the input, SHA-1 always produces a fixed 20-byte digest.
// (getInstance throws NoSuchAlgorithmException, so declare or catch it in the enclosing method.)
MessageDigest sha = MessageDigest.getInstance("SHA-1");
key = sha.digest(key);
// Trim the digest to 16 bytes (a 128-bit key).
key = Arrays.copyOf(key, 16);

I'm not planning to use salt because it is not necessary in my project. Is there any better way?



1 Answer

0 votes
by (71.8m points)

There are three approaches:

  1. Pad the key out to 16 bytes. You can use any value(s) you want to as padding, just so long as you do it consistently.

  2. Your scheme of using a SHA-1 hash is OK. It would be better if you could use all of the bits in the hash as the key, but 128 bits should be enough.

  3. Tell the user that the key needs to be at least N characters. A key that is too short may be susceptible to a password guessing attack. (A 15 character key is probably too long to be guessed, but 8 characters is tractable.) In fact, you probably should do some other password quality checks.

My recommendation is to combine 1. or 2. with 3 ... and password quality checks.

I'm not convinced that seeding the hash will make much difference. (I am assuming that the bad guy would be able to inspect your file encryption app and work out how you turn passwords into keys.) Seeding means that the bad guy cannot pre-generate a set of candidate keys for common / weak passwords, but he still needs to try each of the generated keys in turn.

But the flip-side is that using a crypto hash doesn't help if the passwords you start with are weak.


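The three approaches from the answer, written out as an added Java example (this is not code from the question or the answer). `padKey`, `hashKey` and `requireMinLength` are approaches 1, 2 and 3; `deriveKey` combines 3 with 2 as the answer recommends, and its salted branch shows the "seeded hash" the answer discusses, implemented here with the JDK's PBKDF2WithHmacSHA256 (my choice, not something the answer names). The sample password and salt are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class KeyPadding {
    static final int KEY_BYTES = 16;          // AES-128 key length
    static final int MIN_PASSWORD_CHARS = 15; // the answer's "N characters" threshold, chosen here

    // Approach 1: pad (or truncate) to exactly 16 bytes with a fixed value.
    // Arrays.copyOf zero-fills the missing bytes, so the padding is always the same.
    static byte[] padKey(byte[] key) {
        return Arrays.copyOf(key, KEY_BYTES);
    }

    // Approach 2: the poster's scheme, hash then keep the first 16 bytes of the digest.
    static byte[] hashKey(byte[] key) throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance("SHA-1").digest(key);
        return Arrays.copyOf(digest, KEY_BYTES);
    }

    // Approach 3: refuse passwords too short to resist guessing.
    static void requireMinLength(String password) {
        if (password == null || password.length() < MIN_PASSWORD_CHARS) {
            throw new IllegalArgumentException(
                "password must be at least " + MIN_PASSWORD_CHARS + " characters");
        }
    }

    // Recommendation: 3 combined with 2. With a salt, use PBKDF2 (assumed here) so that
    // the attacker cannot precompute keys for common passwords and each guess is slow.
    static byte[] deriveKey(String password, byte[] salt) throws Exception {
        requireMinLength(password);
        if (salt == null) {
            return hashKey(password.getBytes(StandardCharsets.UTF_8));
        }
        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 100_000, KEY_BYTES * 8);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(spec).getEncoded();
    }

    public static void main(String[] args) throws Exception {
        String password = "correct horse battery"; // constructed sample, 21 characters
        byte[] salt = new byte[16];                // constructed: fresh random salt per file/user
        new SecureRandom().nextBytes(salt);
        System.out.println(padKey(new byte[] {1, 2, 3}).length);  // 16
        System.out.println(deriveKey(password, null).length);     // 16
        System.out.println(deriveKey(password, salt).length);     // 16
    }
}
```

The salt must be stored alongside the ciphertext, since the same salt is needed to re-derive the key for decryption.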