Password Verification with PBKDF2 in Java

Question

I\'m doing password based file encryption in Java; I\'m using AES as the underlying encryption algorithm and PBKDF2WithHmacSHA1 to derive a key from a salt and

Answer 1

Compute some sort of password verification tag and store that alongside the encrypted file data so that you can check it first. This might be something like the PBMAC of a fixed (short) string. Of course, this needs to be a non-reversible function so a cracker could not determine the password, and not be too quick to compute so as to confound the brute force attack.

Have you considered whether (and how) you will detect if the whole file has been decrypted correctly? You should probably look into some combination of PBES2 and PBMAC rather than using AES directly.