Generating AES key by hashing login password?
Muffys Wump
muffysw at hotmail.com
Fri Aug 29 17:01:26 EDT 2008
Hello,
We're two Students and we're developing an online password manager
like Clipperz or PassPack. In order to securely authenticate an user he
has to submit his login password. But to encrypt his data
(mainly credentials for other websites) with AES he would have to submit
another password for added security. Let's call it the master password.
We were wondering if it was possible to use a hash function instead.
Using the password he provided at the login screen and hash it n times.
Master Password: hash(hash(login_password))
Would this be a good idea if we've used this generated hash as a key for AES?
Would the hashing be secure enough against different kinds of attacks?
Kevin
_________________________________________________________________
Explore the seven wonders of the world
http://search.msn.com/results.aspx?q=7+wonders+world&mkt=en-US&form=QBRE
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list