Encryption is performed using a key, which is a set of binary bits, not a password, which implies a human-readable string.
To go from a password to a key, you can use a password-based key derivation function such as PBKDF2. Crypto-JS already has a built-in PBKDF2 function, for example:
<script src="http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/pbkdf2.js"></script>
<script>
    // 128-bit random salt (WordArray.random takes a length in bytes)
    var salt = CryptoJS.lib.WordArray.random(128/8);

    // keySize is given in 32-bit words, hence the division by 32
    var key128Bits = CryptoJS.PBKDF2("Secret Passphrase", salt, { keySize: 128/32 });
    var key256Bits = CryptoJS.PBKDF2("Secret Passphrase", salt, { keySize: 256/32 });
    var key512Bits = CryptoJS.PBKDF2("Secret Passphrase", salt, { keySize: 512/32 });

    // Same derivation with an explicit iteration count
    var key512Bits1000Iterations = CryptoJS.PBKDF2("Secret Passphrase", salt, { keySize: 512/32, iterations: 1000 });
</script>
In general, use as high an iteration count as you can get away with.
The salt should be a random value, as in the example above. Of course, you will need to store that value along with the iteration count in order to get the same key from the same passphrase.
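The point about storing the salt and iteration count can be shown end to end. This is an added example, not code from the original answer; it uses Node.js's built-in crypto module in place of CryptoJS, and the parameter values, record layout and function names are assumptions made for illustration.

```javascript
// Added example: Node.js built-in crypto stands in for CryptoJS here.
const nodeCrypto = require('crypto');

// Assumed parameters for illustration; tune the iteration count to your latency budget.
const DEFAULTS = { iterations: 100000, keyBytes: 32, digest: 'sha256' };

// Derive a key from a passphrase and return it with everything needed to re-derive it.
function deriveKey(passphrase, params = DEFAULTS) {
  const salt = nodeCrypto.randomBytes(16); // fresh 128-bit random salt per derivation
  const key = nodeCrypto.pbkdf2Sync(
    passphrase, salt, params.iterations, params.keyBytes, params.digest);
  // The salt and parameters are not secret; store them next to the ciphertext.
  const record = { salt: salt.toString('hex'), ...params };
  return { key, record };
}

// Re-derive the key later from the passphrase and the stored record.
function rederiveKey(passphrase, record) {
  const salt = Buffer.from(record.salt, 'hex');
  return nodeCrypto.pbkdf2Sync(
    passphrase, salt, record.iterations, record.keyBytes, record.digest);
}

// Constant-time comparison so a key check does not leak where the mismatch is.
function sameKey(a, b) {
  return a.length === b.length && nodeCrypto.timingSafeEqual(a, b);
}

// Constructed sample run using the passphrase from the snippet above.
const { key, record } = deriveKey('Secret Passphrase');
const stored = JSON.parse(JSON.stringify(record)); // simulate saving and loading
console.log('stored record:', stored);
console.log('same passphrase, stored salt:',
  sameKey(key, rederiveKey('Secret Passphrase', stored)));
console.log('wrong passphrase, stored salt:',
  sameKey(key, rederiveKey('secret passphrase', stored)));
console.log('same passphrase, new salt:',
  sameKey(key, deriveKey('Secret Passphrase').key));
```

Only the first comparison is true: without the stored salt and parameters, the same passphrase yields a different key and existing ciphertext cannot be decrypted.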