Generating AES key by hashing login password?
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Fri Aug 29 23:36:17 EDT 2008
Daniel Carosone <dan at geek.com.au> writes:
>On Fri, Aug 29, 2008 at 09:01:26PM +0000, Muffys Wump wrote:
>> Master Password: hash(hash(login_password))
>>
>> Would this be a good idea if we've used this generated hash as a key for AES?
>> Would the hashing be secure enough against different kinds of attacks?
>
>You want to look at something like PKCS#5 for generating keys from
>passphrases.
... and specifically PBKDF2, not the original PKCS #5. See also the
discussion at http://en.wikipedia.org/wiki/Dictionary_attack.
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list