So I wish to encrypt a string using AES-256 and want to provide the user to specify the password for unlocking the string. I plan to use sha-256 to hash to users entered password and use this as the key. Is this secure? and is their a better way of doing this?
Edit: it would be nice if people left a comment about why they down-voted it.
Using a key derived from a password hash means someone could brute force this using either a known list of passwords or dictionary.
Since SHA-256 is quite fast, it's very easy to do with a moderate amount of computational power.
To better protect the key from such an attack, it is suggested to use a password derived from a key derivation function.
