Aes key length significance/implications

I am using a AES algorithm in my application for encrypting plain text. I 开发者_C百科am trying to use a key which is a six digit number. But as per the AES spec, the key should be minimum sixteen bytes in length. I am planning to append leading zeros to my six digit number to make it a 16 byte and then use this as a key.

Would it have any security implications ? I mean will it make my ciphertext more prone to attacks.

Please help.

You should use a key derivation function, in particular PBKDF2 is state-of-the-art in obtaining an AES key from a password or PIN.

In particular, PBKDF2 makes more difficult to perform a key search because it:

• randomizes the key, therefore making precomputed password dictionaries useless;

• increases the computational cost of testing each candidate password increasing the total time required to find a key.

As an additional remark, I would say that 6 digits correspond roughly to 16 bits of password entropy, which are definitely too few. Increase your password length.