Generating AES key by hashing login password?

Muffys Wump muffysw at
Fri Aug 29 17:01:26 EDT 2008

We're two Students and we're developing an online password manager
like Clipperz or PassPack. In order to securely authenticate an user he
has to submit his login password. But to encrypt his data
(mainly credentials for other websites) with AES he would have to submit
another password for added security. Let's call it the master password.
We were wondering if it was possible to use a hash function instead.
Using the password he provided at the login screen and hash it n times.
Master Password: hash(hash(login_password))
Would this be a good idea if we've used this generated hash as a key for AES?
Would the hashing be secure enough against different kinds of attacks?
Explore the seven wonders of the world
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list