Anonymous ID: 5df682 Nov. 21, 2018, 3:13 a.m. No.3982761

We can start with the fact that when you encrypt something with AES, it isn't actually encrypted to the password you input because the keys in AES have a fixed size.

 

https://crypto.stackexchange.com/questions/40757/key-derivation-functions-kdf-what-are-main-purposes-how-can-they-be-used

 

AES accepts key sizes of 128 bits, 192 bits, or 256 bits. These key sizes correspond to the security level. So the KDF uses a hashing algorithm from your password to derive a 256-bit key in the case of AES-256.

 

The algorithm that is typically used is called PBKDF2, and it is built in such a way that it is difficult to brute force because each iteration is computationally expensive. So, the password we are trying to break is a string of 256 bits and not the actual password entered. (It wouldn't surprise me if a modified KDF was used, making password-based brute forcing impossible).
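
Added example, not part of the original post: PBKDF2 written out step by step per RFC 8018, showing how a password of any length becomes a fixed-size AES key and where the iteration count adds per-guess cost. HMAC-SHA256 as the underlying function, the function names, the 16-byte salt and the iteration counts are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# AES key sizes in bits mapped to the number of key bytes the KDF must produce.
AES_KEY_BYTES = {128: 16, 192: 24, 256: 32}


def pbkdf2_sha256(password: bytes, salt: bytes, iterations: int, dklen: int) -> bytes:
    """PBKDF2 (RFC 8018) over HMAC-SHA256, written out to expose the chain."""
    if iterations < 1 or dklen < 1:
        raise ValueError("iterations and dklen must be positive")
    hlen = hashlib.sha256().digest_size          # 32 bytes per output block
    blocks = -(-dklen // hlen)                   # ceil(dklen / hlen)
    out = b""
    for i in range(1, blocks + 1):
        # U_1 = HMAC(password, salt || INT_32_BE(i))
        u = hmac.new(password, salt + i.to_bytes(4, "big"), hashlib.sha256).digest()
        t = int.from_bytes(u, "big")
        # U_j = HMAC(password, U_{j-1}); every guess must repeat this whole chain.
        for _ in range(iterations - 1):
            u = hmac.new(password, u, hashlib.sha256).digest()
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(hlen, "big")
    return out[:dklen]


def derive_aes_key(password: str, salt: bytes, bits: int = 256,
                   iterations: int = 10_000) -> bytes:
    """Derive an AES key of the requested size from a text password.

    The default iteration count is a sample value that keeps this pure-Python
    version fast; deployed settings are much higher.
    """
    return pbkdf2_sha256(password.encode("utf-8"), salt, iterations,
                         AES_KEY_BYTES[bits])


if __name__ == "__main__":
    salt = os.urandom(16)  # random per-password salt, stored next to the ciphertext
    for pw in ("a", "correct horse battery staple"):  # constructed sample passwords
        for bits in (128, 192, 256):
            key = derive_aes_key(pw, salt, bits, iterations=1000)
            print(f"password length {len(pw):2d} -> AES-{bits} key {key.hex()}")
```

The key length depends only on the chosen AES variant, never on the password length, and changing the salt or the iteration count yields an unrelated key from the same password.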