Using System.Security.Cryptography
Message
From: 16/11/2003 15:38:49
To: 16/11/2003 15:34:47
General information
Forum: ASP.NET
Category: Other
Miscellaneous
Thread ID: 00850467
Message ID: 00850484
Views: 22
>DES keys are 56 bits spread over 8 bytes (high-order bit of each byte is presumed to be parity and ignored). Your passwords/passphrases can be as long as you wish, you just have to extract 56 bits of entropy from them by passing them through a grinder like a cryptographically strong hash function (MD5/SHA).
>
>Note: passwords/passphrases usually consist of letters + digits instead of all possible byte values, meaning an 8-character password contains much less than 8 bytes' worth of entropy (read: less than 8 bytes of 'key material bits'), typically 32 bits or less.
>
>I don't want to preach too much crypto here so I simply recommend three things:
>(1) use a cryptographic hash function to turn user-provided passwords/passphrases/'keys' of any length into actual key material for whatever encryption algorithm you use; if the hash is longer than the desired number of key bits then it doesn't matter which bits you extract from the hash
>(2) let the client sign off on the encryption algorithm/strength
>(3) if your app is security-sensitive then it probably needs to be reviewed by a security expert; making a system secure is more involved than simply adding a dash of encryption here and there

So, assuming I would really want the user to use a 32 character string for the key, what would I need to modify in the code I showed in order to bypass the error when the key passed is longer than 8 characters?
Michel Fournier
Level Extreme Inc.
Designer, architect, owner of the Level Extreme Platform
Subscribe to the site at https://www.levelextreme.com/Home/DataEntry?Activator=55&NoStore=303
Subscription benefits https://www.levelextreme.com/Home/ViewPage?Activator=7&ID=52
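
The approach from the quoted reply (hash a passphrase of any length, then keep as many bytes as the cipher needs), as an added example that is not code from this thread. It assumes SHA-256 as the hash, the first 8 digest bytes as the DES key, and an IV-then-ciphertext output layout; the class and method names are hypothetical.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class PassphraseDes   // hypothetical name, not from the thread
{
    // Hash a passphrase of any length and keep 8 bytes, the size DES.Key requires.
    public static byte[] DeriveKey(string passphrase)
    {
        byte[] key = new byte[8];
        using (SHA256 sha = SHA256.Create())
            Array.Copy(sha.ComputeHash(Encoding.UTF8.GetBytes(passphrase)), key, 8);
        // The .NET DES classes refuse the known weak and semi-weak keys, so fail early.
        if (DES.IsWeakKey(key) || DES.IsSemiWeakKey(key))
            throw new CryptographicException("Weak DES key derived; use another passphrase.");
        return key;
    }

    // Output layout (an assumption of this example): 8-byte random IV, then ciphertext.
    public static byte[] Encrypt(string plaintext, string passphrase)
    {
        using (DES des = DES.Create())
        {
            des.Key = DeriveKey(passphrase);   // 8 bytes whatever the passphrase length
            des.GenerateIV();                  // fresh IV for every message
            byte[] data = Encoding.UTF8.GetBytes(plaintext);
            using (ICryptoTransform enc = des.CreateEncryptor())
                return des.IV.Concat(enc.TransformFinalBlock(data, 0, data.Length)).ToArray();
        }
    }

    public static string Decrypt(byte[] blob, string passphrase)
    {
        using (DES des = DES.Create())
        {
            des.Key = DeriveKey(passphrase);
            des.IV = blob.Take(8).ToArray();   // IV was stored in front of the ciphertext
            using (ICryptoTransform dec = des.CreateDecryptor())
                return Encoding.UTF8.GetString(dec.TransformFinalBlock(blob, 8, blob.Length - 8));
        }
    }

    static void Main()
    {
        string passphrase = "a 32 character key, constructed!";   // constructed sample
        Console.WriteLine(Decrypt(Encrypt("hello", passphrase), passphrase));
    }
}
```

A longer passphrase only changes the input to the hash: the key handed to DES is still 8 bytes carrying 56 key bits, so the cipher's strength is unchanged.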