Sample values for the PBKDF2 HMAC-SHA1 string-to-key function are
included below.
Iteration count = 1
Pass phrase = "password"
Salt = "ATHENA.MIT.EDUraeburn"
128-bit PBKDF2 output:
cd ed b5 28 1b b2 f8 01 56 5a 11 22 b2 56 35 15
128-bit AES key:
42 26 3c 6e 89 f4 fc 28 b8 df 68 ee 09 79 9f 15
256-bit PBKDF2 output:
cd ed b5 28 1b b2 f8 01 56 5a 11 22 b2 56 35 15
0a d1 f7 a0 4b b9 f3 a3 33 ec c0 e2 e1 f7 08 37
256-bit AES key:
fe 69 7b 52 bc 0d 3c e1 44 32 ba 03 6a 92 e6 5b
bb 52 28 09 90 a2 fa 27 88 39 98 d7 2a f3 01 61
Iteration count = 2
Pass phrase = "password"
Salt = "ATHENA.MIT.EDUraeburn"
128-bit PBKDF2 output:
01 db ee 7f 4a 9e 24 3e 98 8b 62 c7 3c da 93 5d
128-bit AES key:
c6 51 bf 29 e2 30 0a c2 7f a4 69 d6 93 bd da 13
256-bit PBKDF2 output:
01 db ee 7f 4a 9e 24 3e 98 8b 62 c7 3c da 93 5d
a0 53 78 b9 32 44 ec 8f 48 a9 9e 61 ad 79 9d 86
256-bit AES key:
a2 e1 6d 16 b3 60 69 c1 35 d5 e9 d2 e2 5f 89 61
02 68 56 18 b9 59 14 b4 67 c6 76 22 22 58 24 ff
Iteration count = 1200
Pass phrase = "password"
Salt = "ATHENA.MIT.EDUraeburn"
128-bit PBKDF2 output:
5c 08 eb 61 fd f7 1e 4e 4e c3 cf 6b a1 f5 51 2b
128-bit AES key:
4c 01 cd 46 d6 32 d0 1e 6d be 23 0a 01 ed 64 2a
256-bit PBKDF2 output:
5c 08 eb 61 fd f7 1e 4e 4e c3 cf 6b a1 f5 51 2b
a7 e5 2d db c5 e5 14 2f 70 8a 31 e2 e6 2b 1e 13
256-bit AES key:
55 a6 ac 74 0a d1 7b 48 46 94 10 51 e1 e8 b0 a7
54 8d 93 b0 ab 30 a8 bc 3f f1 62 80 38 2b 8c 2a
Raeburn Standards Track [Page 10]
RFC 3962 AES Encryption for Kerberos 5 February 2005
Iteration count = 5
Pass phrase = "password"
Salt = 0x1234567878563412
128-bit PBKDF2 output:
d1 da a7 86 15 f2 87 e6 a1 c8 b1 20 d7 06 2a 49
128-bit AES key:
e9 b2 3d 52 27 37 47 dd 5c 35 cb 55 be 61 9d 8e
256-bit PBKDF2 output:
d1 da a7 86 15 f2 87 e6 a1 c8 b1 20 d7 06 2a 49
3f 98 d2 03 e6 be 49 a6 ad f4 fa 57 4b 6e 64 ee
256-bit AES key:
97 a4 e7 86 be 20 d8 1a 38 2d 5e bc 96 d5 90 9c
ab cd ad c8 7c a4 8f 57 45 04 15 9f 16 c3 6e 31
(This test is based on values given in [PECMS].)
Iteration count = 1200
Pass phrase = (64 characters)
"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
Salt = "pass phrase equals block size"
128-bit PBKDF2 output:
13 9c 30 c0 96 6b c3 2b a5 5f db f2 12 53 0a c9
128-bit AES key:
59 d1 bb 78 9a 82 8b 1a a5 4e f9 c2 88 3f 69 ed
256-bit PBKDF2 output:
13 9c 30 c0 96 6b c3 2b a5 5f db f2 12 53 0a c9
c5 ec 59 f1 a4 52 f5 cc 9a d9 40 fe a0 59 8e d1
256-bit AES key:
89 ad ee 36 08 db 8b c7 1f 1b fb fe 45 94 86 b0
56 18 b7 0c ba e2 20 92 53 4e 56 c5 53 ba 4b 34
Iteration count = 1200
Pass phrase = (65 characters)
"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
Salt = "pass phrase exceeds block size"
128-bit PBKDF2 output:
9c ca d6 d4 68 77 0c d5 1b 10 e6 a6 87 21 be 61
128-bit AES key:
cb 80 05 dc 5f 90 17 9a 7f 02 10 4c 00 18 75 1d
256-bit PBKDF2 output:
9c ca d6 d4 68 77 0c d5 1b 10 e6 a6 87 21 be 61
1a 8b 4d 28 26 01 db 3b 36 be 92 46 91 5e c8 2a
256-bit AES key:
d7 8c 5c 9c b8 72 a8 c9 da d4 69 7f 0b b5 b2 d2
14 96 c8 2b eb 2c ae da 21 12 fc ee a0 57 40 1b
Iteration count = 50
Pass phrase = g-clef (0xf09d849e)
Salt = "EXAMPLE.COMpianist"
128-bit PBKDF2 output:
6b 9c f2 6d 45 45 5a 43 a5 b8 bb 27 6a 40 3b 39
128-bit AES key:
f1 49 c1 f2 e1 54 a7 34 52 d4 3e 7f e6 2a 56 e5
256-bit PBKDF2 output:
6b 9c f2 6d 45 45 5a 43 a5 b8 bb 27 6a 40 3b 39
e7 fe 37 a0 c4 1e 02 c2 81 ff 30 69 e1 e9 4f 52
256-bit AES key:
4b 6d 98 39 f8 44 06 df 1f 09 cc 16 6d b4 b8 3c
57 18 48 b7 84 a3 d6 bd c3 46 58 9a 3e 39 3f 9e
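The PBKDF2 outputs above can be reproduced with Python's standard library; this is an added example, not part of the RFC text, and its function names are this example's own. The "AES key" lines apply the RFC 3961 key derivation on top of this output and are not checked here.

```python
import hashlib
import hmac

# (iteration count, pass phrase, salt, 256-bit PBKDF2 output), transcribed from the
# sample values above. The 128-bit output is the first 16 bytes of the same stream.
VECTORS = [
    (1, b"password", b"ATHENA.MIT.EDUraeburn",
     "cdedb5281bb2f801565a1122b2563515" "0ad1f7a04bb9f3a333ecc0e2e1f70837"),
    (2, b"password", b"ATHENA.MIT.EDUraeburn",
     "01dbee7f4a9e243e988b62c73cda935d" "a05378b93244ec8f48a99e61ad799d86"),
    (1200, b"password", b"ATHENA.MIT.EDUraeburn",
     "5c08eb61fdf71e4e4ec3cf6ba1f5512b" "a7e52ddbc5e5142f708a31e2e62b1e13"),
    (5, b"password", bytes.fromhex("1234567878563412"),      # binary salt
     "d1daa78615f287e6a1c8b120d7062a49" "3f98d203e6be49a6adf4fa574b6e64ee"),
    (1200, b"X" * 64, b"pass phrase equals block size",
     "139c30c0966bc32ba55fdbf212530ac9" "c5ec59f1a452f5cc9ad940fea0598ed1"),
    (1200, b"X" * 65, b"pass phrase exceeds block size",
     "9ccad6d468770cd51b10e6a68721be61" "1a8b4d282601db3b36be9246915ec82a"),
    (50, bytes.fromhex("f09d849e"), b"EXAMPLE.COMpianist",   # g-clef in UTF-8
     "6b9cf26d45455a43a5b8bb276a403b39" "e7fe37a0c41e02c281ff3069e1e94f52"),
]

def check_vector(iterations, phrase, salt, expected_hex):
    """True if PBKDF2-HMAC-SHA1 reproduces both output lengths listed for a vector."""
    expected = bytes.fromhex(expected_hex)
    out256 = hashlib.pbkdf2_hmac("sha1", phrase, salt, iterations, dklen=32)
    out128 = hashlib.pbkdf2_hmac("sha1", phrase, salt, iterations, dklen=16)
    return (hmac.compare_digest(out256, expected)
            and hmac.compare_digest(out128, expected[:16]))

def failing_vectors():
    """Indexes into VECTORS that the local PBKDF2 implementation does not reproduce."""
    return [i for i, vector in enumerate(VECTORS) if not check_vector(*vector)]

def long_phrase_is_prehashed():
    """HMAC replaces a key longer than SHA-1's 64-byte block with its SHA-1 digest,
    which is the case the 65-character vector exercises: the pass phrase and its
    digest must give the same PBKDF2 output."""
    iterations, phrase, salt, expected_hex = VECTORS[5]
    digest_key = hashlib.sha1(phrase).digest()
    return hashlib.pbkdf2_hmac("sha1", digest_key, salt, iterations, 32).hex() == expected_hex
```

An empty list from `failing_vectors()` means the implementation under test agrees with every PBKDF2 output above, including the binary-salt and non-ASCII pass phrase cases.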
Some test vectors for CBC with ciphertext stealing, using an all-zero
initial vector.
AES 128-bit key:
0000: 63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69
IV:
0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Input:
0000: 49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65
0010: 20
Output:
0000: c6 35 35 68 f2 bf 8c b4 d8 a5 80 36 2d a7 ff 7f
0010: 97
Next IV:
0000: c6 35 35 68 f2 bf 8c b4 d8 a5 80 36 2d a7 ff 7f
IV:
0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Input:
0000: 49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65
0010: 20 47 65 6e 65 72 61 6c 20 47 61 75 27 73 20
Output:
0000: fc 00 78 3e 0e fd b2 c1 d4 45 d4 c8 ef f7 ed 22
0010: 97 68 72 68 d6 ec cc c0 c0 7b 25 e2 5e cf e5
Next IV:
0000: fc 00 78 3e 0e fd b2 c1 d4 45 d4 c8 ef f7 ed 22
IV:
0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Input:
0000: 49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65
0010: 20 47 65 6e 65 72 61 6c 20 47 61 75 27 73 20 43
Output:
0000: 39 31 25 23 a7 86 62 d5 be 7f cb cc 98 eb f5 a8
0010: 97 68 72 68 d6 ec cc c0 c0 7b 25 e2 5e cf e5 84
Next IV:
0000: 39 31 25 23 a7 86 62 d5 be 7f cb cc 98 eb f5 a8
IV:
0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Input:
0000: 49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65
0010: 20 47 65 6e 65 72 61 6c 20 47 61 75 27 73 20 43
0020: 68 69 63 6b 65 6e 2c 20 70 6c 65 61 73 65 2c
Output:
0000: 97 68 72 68 d6 ec cc c0 c0 7b 25 e2 5e cf e5 84
0010: b3 ff fd 94 0c 16 a1 8c 1b 55 49 d2 f8 38 02 9e
0020: 39 31 25 23 a7 86 62 d5 be 7f cb cc 98 eb f5
Next IV:
0000: b3 ff fd 94 0c 16 a1 8c 1b 55 49 d2 f8 38 02 9e
IV:
0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Input:
0000: 49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65
0010: 20 47 65 6e 65 72 61 6c 20 47 61 75 27 73 20 43
0020: 68 69 63 6b 65 6e 2c 20 70 6c 65 61 73 65 2c 20
Output:
0000: 97 68 72 68 d6 ec cc c0 c0 7b 25 e2 5e cf e5 84
0010: 9d ad 8b bb 96 c4 cd c0 3b c1 03 e1 a1 94 bb d8
0020: 39 31 25 23 a7 86 62 d5 be 7f cb cc 98 eb f5 a8
Next IV:
0000: 9d ad 8b bb 96 c4 cd c0 3b c1 03 e1 a1 94 bb d8
IV:
0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Input:
0000: 49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65
0010: 20 47 65 6e 65 72 61 6c 20 47 61 75 27 73 20 43
0020: 68 69 63 6b 65 6e 2c 20 70 6c 65 61 73 65 2c 20
0030: 61 6e 64 20 77 6f 6e 74 6f 6e 20 73 6f 75 70 2e
Output:
0000: 97 68 72 68 d6 ec cc c0 c0 7b 25 e2 5e cf e5 84
0010: 39 31 25 23 a7 86 62 d5 be 7f cb cc 98 eb f5 a8
0020: 48 07 ef e8 36 ee 89 a5 26 73 0d bc 2f 7b c8 40
0030: 9d ad 8b bb 96 c4 cd c0 3b c1 03 e1 a1 94 bb d8
Next IV:
0000: 48 07 ef e8 36 ee 89 a5 26 73 0d bc 2f 7b c8 40
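The block layout these vectors show, as an added example that is not part of the RFC text: all six inputs are prefixes of one sentence under the same key and IV, so the outputs can be cross-checked against each other without an AES implementation. The function names are this example's own.

```python
BLOCK = 16

# Outputs transcribed from the vectors above, keyed by input length in bytes.
OUTPUT = {n: bytes.fromhex(h) for n, h in {
    17: "c6353568f2bf8cb4d8a580362da7ff7f 97",
    31: "fc00783e0efdb2c1d445d4c8eff7ed22 97687268d6ecccc0c07b25e25ecfe5",
    32: "39312523a78662d5be7fcbcc98ebf5a8 97687268d6ecccc0c07b25e25ecfe584",
    47: "97687268d6ecccc0c07b25e25ecfe584 b3fffd940c16a18c1b5549d2f838029e"
        " 39312523a78662d5be7fcbcc98ebf5",
    48: "97687268d6ecccc0c07b25e25ecfe584 9dad8bbb96c4cdc03bc103e1a194bbd8"
        " 39312523a78662d5be7fcbcc98ebf5a8",
    64: "97687268d6ecccc0c07b25e25ecfe584 39312523a78662d5be7fcbcc98ebf5a8"
        " 4807efe836ee89a526730dbc2f7bc840 9dad8bbb96c4cdc03bc103e1a194bbd8",
}.items()}

def split_cts(ct):
    """Split CTS output into (C_1..C_{n-2}, C_n, leading bytes of C_{n-1})."""
    if len(ct) <= BLOCK:
        raise ValueError("the vectors above all exceed one block")
    tail_len = len(ct) % BLOCK or BLOCK
    body, tail = ct[:-tail_len], ct[-tail_len:]
    return body[:-BLOCK], body[-BLOCK:], tail

def next_iv(ct):
    """The 'Next IV' value: C_n, the last block produced by the CBC chaining."""
    return split_cts(ct)[1]

def cbc_order(ct):
    """Undo the final swap: C_1..C_{n-2}, C_{n-1} (possibly truncated), C_n."""
    head, last, tail = split_cts(ct)
    return head + tail + last

def shares_cbc_prefix(ct, reference_cbc):
    """True if everything before C_n matches a plain-CBC chain for the same key,
    IV and leading plaintext; the stolen tail is a truncation of C_{n-1}."""
    head, _, tail = split_cts(ct)
    return reference_cbc.startswith(head + tail)

def inconsistent_lengths():
    """Input lengths whose output disagrees with the chain of the 64-byte vector."""
    reference = cbc_order(OUTPUT[64])
    return [n for n, ct in OUTPUT.items() if not shares_cbc_prefix(ct, reference)]
```

A decryptor that expects the swapped order but receives plain CBC order (or the reverse) fails only on the last two blocks, which is the mismatch `cbc_order` makes visible.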