Understanding the differences between a password and an encryption key
What is the difference between a symmetric encryption key and a password? A symmetric encryption key is a secret array of bits that the encryption algorithm uses directly. As a rule, an algorithm requires a key of one or a few fixed lengths, for example AES accepts exactly 128, 192 or 256 bits and rejects anything else. Some ciphers accept variable-length keys, but even then the key must fall within the range the algorithm defines, and a fixed length is the common case. An encryption key is not very human-friendly: it looks like random data (and should be random data), it is long to write and read, and almost nobody can memorize one.
By contrast, a password or a passphrase is much more human-friendly: it is readable and memorable. In movies especially, passwords are always short, simple, and readable. No wonder people prefer 8-character passwords or 4-word passphrases over 256-bit keys, and popular encryption software lets users encrypt data with a password instead of a raw key. The price of that convenience is entropy: a typical password carries far fewer than 256 bits of unpredictability, which is why the way it is turned into a key matters so much.
While a password is more human-friendly than an encryption key, it cannot be fed directly to an encryption algorithm: it has the wrong length, and its bytes are nowhere near uniformly random. We have to derive a key from the password first, and then use the derived key for encryption. But how do we do it? With the help of key derivation functions!
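The following is an added example, not code from the original article: it shows the length problem described above (a password's bytes do not match what AES-256 expects) and then derives a fixed-length key from the password with a key derivation function. PBKDF2-HMAC-SHA256 is used here only because Python ships it in the standard library; the function names, the sample password and the 16-byte salt are assumptions made for this illustration, and the iteration count is a placeholder a deployment would tune.

```python
import hashlib
import secrets

AES_256_KEY_LEN = 32  # AES-256 takes exactly 32 bytes (256 bits) of key material


def usable_as_raw_key(password: str, key_len: int = AES_256_KEY_LEN) -> bool:
    """Return True only if the password's UTF-8 encoding happens to be exactly
    key_len bytes. Typical passwords are far shorter, and even one that fits
    by accident is not uniformly random, so this is never the right approach."""
    return len(password.encode("utf-8")) == key_len


def new_salt(length: int = 16) -> bytes:
    """Fresh random salt; a different salt gives a different key for the same
    password, so precomputed tables do not transfer between users."""
    return secrets.token_bytes(length)


def derive_key(password: str, salt: bytes, *,
               iterations: int = 600_000,
               key_len: int = AES_256_KEY_LEN) -> bytes:
    """Derive a key of exactly key_len bytes from a human-chosen password
    with PBKDF2-HMAC-SHA256 (assumed choice of KDF for this example).
    The salt must be stored alongside the ciphertext so the key can be
    re-derived on decryption."""
    if len(salt) < 16:
        raise ValueError("salt should be at least 16 random bytes")
    if iterations < 1:
        raise ValueError("iterations must be positive")
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations, dklen=key_len
    )


if __name__ == "__main__":
    password = "correct horse battery"  # constructed sample password
    print("password bytes:", len(password.encode("utf-8")),
          "usable as raw AES-256 key:", usable_as_raw_key(password))
    salt = new_salt()
    key = derive_key(password, salt)
    print("salt:", salt.hex())
    print("derived key:", key.hex(), "(%d bytes)" % len(key))
    # Same password + same salt -> same key; different salt -> unrelated key.
    print("re-derivable:", key == derive_key(password, salt))
    print("salt matters:", key != derive_key(password, new_salt()))
```

The derived key is what actually goes into the cipher; the password itself is never used as key material, and the salt (but not the password) is stored next to the ciphertext so the same key can be re-derived later.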