Generating AES key by hashing login password?

Peter Gutmann pgut001 at
Fri Aug 29 23:36:17 EDT 2008

Daniel Carosone <dan at> writes:
>On Fri, Aug 29, 2008 at 09:01:26PM +0000, Muffys Wump wrote:
>> Master Password: hash(hash(login_password))
>> Would this be a good idea if we've used this generated hash as a key for AES?
>> Would the hashing be secure enough against different kinds of attacks?
>You want to look at something like PKCS#5 for generating keys from

... and specifically PBKDF2, not the original PKCS #5.  See also the
discussion at


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list