Dan Honeycutt wrote: What I'm working on is a very simple text editor with a password feature to use to store the many passwords you end up with if you are active on the internet. I'm an encryption noob, what advantage would a crypto-secure RNG give, just harder to decrypt?
Best
Dan H.

I'd suggest this:
- generate a 16-byte salt using a good PRNG, and store this along with the data each time you encrypt a file
- the salt is appended to the password when generating the IV
- use several iterations (nesting) of a crypto-secure hash function (sha-1, ...) to generate the IV => first hash pwd + salt, then hash the output, and so on
- use the 256-bit AES symmetric block cipher to encrypt the data itself
- I would also append random garbage generated using the PRNG to pad the data at the end of the file to match the AES block size
- and don't forget to clear the password plaintext in memory after (de/en)cryption (the same applies to the actual text before your app exits!)
I probably wouldn't bother with password verification - just let the users with wrong password decode garbage
EDIT: if you restrict the text editor to use only plain ANSI characters (msbit clear), you can use this to validate the password: if any of the decoded characters has msbit set, the password entered was invalid
one last thing: maybe let the user verify password by typing it twice so that typos are avoided
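The whole recipe above (salted, nested hashing of the password, AES-256, random padding, wiping buffers, and the msbit sanity check from the EDIT) as one added example in Go using only the standard library. This is not code from the original post or from Dan's editor. Assumptions beyond what the post says: SHA-256 as the nested hash so the final digest is exactly the 32-byte AES-256 key, AES in CBC mode with a random IV stored next to the salt, the pad length kept in the last padding byte so the random filler can be stripped again, 100000 hash iterations, and the function names (DeriveKey, Encrypt, Decrypt, LooksLikeText, Wipe) and the sample note, which are all mine.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

const saltLen, iterations = 16, 100000 // 16-byte salt as in the post; the nesting depth is an assumed value

// mustRand returns n bytes from the OS CSPRNG; crypto/rand failing is fatal.
func mustRand(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// DeriveKey is the post's nested-hash step: h = H(pwd || salt), then h = H(h), n hashes
// in all. SHA-256 (an assumption) yields exactly the 32 bytes AES-256 needs; a standard
// KDF (PBKDF2, scrypt, Argon2) is the usual replacement for a hand-rolled loop like this.
func DeriveKey(password, salt []byte, n int) []byte {
	buf := append(append(make([]byte, 0, len(password)+len(salt)), password...), salt...)
	h := sha256.Sum256(buf)
	Wipe(buf) // the concatenation holds the plaintext password
	for i := 1; i < n; i++ {
		h = sha256.Sum256(h[:])
	}
	return h[:]
}

// padRandom appends 1..16 bytes to reach a block multiple: random filler plus a
// final byte holding the pad length (ISO 10126 style) so it can be stripped again.
func padRandom(data []byte) []byte {
	padLen := aes.BlockSize - len(data)%aes.BlockSize
	out := append(append(make([]byte, 0, len(data)+padLen), data...), mustRand(padLen-1)...)
	return append(out, byte(padLen))
}

// Encrypt produces salt || iv || AES-256-CBC(padded text); salt and IV are fresh per
// file (assumption: the post fixes neither the cipher mode nor where the IV comes from).
func Encrypt(password, plaintext []byte) ([]byte, error) {
	hdr := mustRand(saltLen + aes.BlockSize) // salt || iv, stored with the data
	key := DeriveKey(password, hdr[:saltLen], iterations)
	defer Wipe(key)
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	padded := padRandom(plaintext)
	defer Wipe(padded)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, hdr[saltLen:]).CryptBlocks(ct, padded)
	return append(hdr, ct...), nil
}

// Decrypt reverses Encrypt. As the post suggests there is no password check:
// a wrong password gives garbage, which fails the pad check or LooksLikeText.
func Decrypt(password, blob []byte) ([]byte, error) {
	if len(blob) < saltLen+2*aes.BlockSize || (len(blob)-saltLen)%aes.BlockSize != 0 {
		return nil, errors.New("malformed file")
	}
	salt, iv, ct := blob[:saltLen], blob[saltLen:saltLen+aes.BlockSize], blob[saltLen+aes.BlockSize:]
	key := DeriveKey(password, salt, iterations)
	defer Wipe(key)
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
	padLen := int(pt[len(pt)-1])
	if padLen < 1 || padLen > aes.BlockSize {
		return nil, errors.New("bad padding (wrong password?)")
	}
	return pt[:len(pt)-padLen], nil
}

// LooksLikeText is the post's msbit check: the editor stores only 7-bit characters, so a
// set top bit means a wrong key. Garbage still passes with probability about 2^-n for n
// bytes, so this is a sanity check, not authentication.
func LooksLikeText(b []byte) bool {
	for _, c := range b {
		if c&0x80 != 0 {
			return false
		}
	}
	return true
}

// Wipe zeroes a buffer in place. The runtime may already have copied the bytes
// (a grown slice, the cipher's expanded key schedule), so this is best effort only.
func Wipe(b []byte) {
	for i := range b {
		b[i] = 0
	}
}

func main() {
	pwd, note := []byte("correct horse"), []byte("mail: hunter2\nbank: Tr0ub4dor&3\n") // constructed sample
	blob, _ := Encrypt(pwd, note)
	got, err := Decrypt(pwd, blob)
	fmt.Printf("err=%v plausible=%v text=%q\n", err, err == nil && LooksLikeText(got), got)
	Wipe(pwd)
	Wipe(got)
}
```

Two things worth knowing before copying this into a real password store: the nested-hash loop is what the post asks for, but PBKDF2, scrypt or Argon2 do the same job with a proper security analysis, and CBC on its own does not detect a modified file, so anyone who can edit the ciphertext can change what the editor decrypts without the msbit check necessarily noticing.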