How to create a key for AES in a 192 bit key length from a password?

Let's say that I have a password. And it's secure. But it's a 10-character string.

So If I wanted to create an AES key for the 128-bit version of the algorithm I would just hash it using MD5. Or If I wanted the 256 version of the algorithm I would hash it with any of the 256 length hash functions such as Sha_256. But I have not been able to find any hashes (other than some named Tiger) that generate 192-bit outputs. No matter the salt or the previous steps in the key generation process, the last step seems to always be a hash that returns a key of the desired length.

Is the normal solution to always use the same hash (say Sha256) and just take the number of bits that are required for the key? If not, then how for 192?

Lets say that I have a password. And it's secure. But it's a 10 character string.

If we assume all of the 10 characters are ASCII ( not extended) you will get at most 64-bit search space for the attacker. This means you are effectively using a 64-bit key for AES-128. The rule is

• Not only the key size but also the entropy of the key source is important.

The common way is generating uniform random 128 bits for AES-128 key. This is easy if you are using a key exchange like DH ( in the end hash it, too - It leaks the Legendre), or ECDH ( hash it, too, the points are not uniform random)

If you are using a password, then you need a good entropy source for your passwords, too. Use Diwewire with 10 words to get 128-bit entropy. Once you have this it does not really matter to use password hashing algorithms to slow the attackers since you already got 128-bit ( you still need to hash it since it is very long). If you are using password hashing then the attacker way will be the fastest way; they will brute force the key, not the password.

Now, if you don't have a chance to increase the entropy source of your password then you definitely need password hashing algorithms like Argon2 and Balloon hashing. They have parameters like

• iteration; increases the attack time proportionally to the iteration.
• memory hardness; eliminates/reduced the massive password search of ASIC/PFGA/GPU search where memory is not bound as CPUs
• and, thread counter; reduces parallelization of password search programs.

All of the parameters need to be adjusted to achieve your target security. For example, if your password has 100-bit security then you need $2^{28}$ iteration to force the attacker to search 128-bit.

How to create a key for AES in a 192 bit key length from a password?

• Use 15 Dicewire words, hash it then trim to the 192 bits, or

• Use your password with salt and hash it with password hashing algorithms like Argon2 with well tuned parameters. They are already designed and you can find libraries that output desired length ( keep in mind that Argon2's security is bounded by 512-bit ). And;

  • Use the salt unique per generated key
  • Use as much as higher entropy
  • Use as many as higher parameters