[131978] in cryptography@c2.net mail archive
Re: Generating AES key by hashing login password?
daemon@ATHENA.MIT.EDU (Daniel Carosone)
Fri Aug 29 17:29:40 2008
Date: Sat, 30 Aug 2008 07:20:08 +1000
From: Daniel Carosone <dan@geek.com.au>
To: Muffys Wump <muffysw@hotmail.com>
Cc: cryptography@metzdowd.com
Mail-Followup-To: Muffys Wump <muffysw@hotmail.com>,
cryptography@metzdowd.com
In-Reply-To: <BAY142-W252A5C17B92D2A146781C5AA630@phx.gbl>
--lqtP4FxvQo6hb6bg
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Fri, Aug 29, 2008 at 09:01:26PM +0000, Muffys Wump wrote:
> Master Password: hash(hash(login_password))
> =20
> Would this be a good idea if we've used this generated hash as a key for =
AES?
> Would the hashing be secure enough against different kinds of attacks?
You want to look at something like PKCS#5 for generating keys from passphra=
ses.
--
Dan.
--lqtP4FxvQo6hb6bg
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (NetBSD)
iEYEARECAAYFAki4aAgACgkQEAVxvV4N66euMQCeKbtexN89lQ+x8jgeiGIC7InM
ZhwAn0Essl7+QHy2XFPt+m6ks/tsLah0
=bHl8
-----END PGP SIGNATURE-----
--lqtP4FxvQo6hb6bg--
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
