I am learning encryption algorithms in Java and stumbled upon this algorithm:
SecretKey key = SecretKeyFactory.getInstance("PBEWithMD5AndDES").generateSecret(keySpec);
I know it stands for Password Based Encryption with the MD5 and DES algorithms. I know MD5 and DES are two separate algorithms, but what exactly does PBEWithMD5AndDes mean as an algorithm?
There aren't many resources online that give a good explanation of this "algorithm".
I was hoping someone could give a simple and brief explanation of how this is different from a normal MD5 or normal DES algorithm.
Answer1:
Extending the previous answer
<blockquote>
what exactly does PBEWithMD5AndDes mean as an algorithm?</blockquote>
PBE is using an encryption key generated from a password, random salt and number of iterations, see the KeySpec parameters.
KeySpec pbeSpec = new PBEKeySpec(password.toCharArray(), psswdSalt, PBKDF_ITERATIONS, SYMMETRIC_KEY_LENGTH);
The idea is - passwords tend to be short and not random enough, so they are easy to guess. Using a number of iterations should make the guessing somewhat harder.
PBEWithMD5AndDES is using MD5 and DES to generate the key, see the <a href="https://gist.github.com/rohitshampur/da5f79c34260150aafc1" rel="nofollow">example code</a>. A real-life implementation should use a much higher number of iterations.
<blockquote>How does that differ with just using MD5 or just DES? That's what I would like to know.</blockquote>
In theory - you may use pure MD5 or DES, but today's computers could guess the passwords very fast.
Please note DES and MD5 are obsolete today. An MD5 collision can be found in under a minute on commodity hardware, and DES is using a 64 bit key, which is pretty short to be considered secure today.
Answer2:
PBE stands for "Password Based Encryption", a method where the encryption key (which is binary data) is derived from a password (text).