[132017] in cryptography@c2.net mail archive


Re: Generating AES key by hashing login password?

daemon@ATHENA.MIT.EDU (Peter Gutmann)
Sat Aug 30 10:36:27 2008

From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: dan@geek.com.au, muffysw@hotmail.com
Cc: cryptography@metzdowd.com
In-Reply-To: <20080829212008.GK15679@bcd.geek.com.au>
Date: Sat, 30 Aug 2008 15:36:17 +1200

Daniel Carosone <dan@geek.com.au> writes:
>On Fri, Aug 29, 2008 at 09:01:26PM +0000, Muffys Wump wrote:
>> Master Password: hash(hash(login_password))
>> 
>> Would this be a good idea if we've used this generated hash as a key for AES?
>> Would the hashing be secure enough against different kinds of attacks?
>
>You want to look at something like PKCS#5 for generating keys from
>passphrases.

... and specifically PBKDF2, not the original PKCS #5.  See also the
discussion at http://en.wikipedia.org/wiki/Dictionary_attack.

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
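
The difference between the double-hash scheme in the question and the PBKDF2 recommendation in the reply, as an added example that is not part of the original thread. SHA-256 as the question's unspecified hash, the iteration count, the salt length and all function names are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumption: work factor, tune to your latency budget
KEY_LEN = 32          # 32 bytes = AES-256 key
SALT_LEN = 16         # assumption: 128-bit random salt per user


def double_hash_key(password):
    """Scheme from the question, hash(hash(password)); SHA-256 is assumed."""
    inner = hashlib.sha256(password.encode("utf-8")).digest()
    return hashlib.sha256(inner).digest()


def derive_key(password, salt=None, iterations=ITERATIONS):
    """PBKDF2-HMAC-SHA256. Returns (salt, iterations, key).

    Salt and iteration count are not secret; store both beside the
    ciphertext so the key can be re-derived at the next login.
    """
    if salt is None:
        salt = os.urandom(SALT_LEN)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                              salt, iterations, dklen=KEY_LEN)
    return salt, iterations, key


def rederives_to(password, salt, iterations, expected_key):
    """Re-derive with stored parameters and compare in constant time."""
    _, _, key = derive_key(password, salt, iterations)
    return hmac.compare_digest(key, expected_key)


if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    # Unsalted double hash: every user with this password gets the same key,
    # so one precomputed dictionary covers all of them.
    print("double hash :", double_hash_key(pw).hex())
    # PBKDF2: a fresh salt per user gives unrelated keys for the same
    # password, and each guess costs ITERATIONS HMAC computations.
    salt_a, n, key_a = derive_key(pw)
    salt_b, _, key_b = derive_key(pw)
    print("user A key  :", key_a.hex())
    print("user B key  :", key_b.hex())
    print("keys differ :", key_a != key_b)
    print("re-derive ok:", rederives_to(pw, salt_a, n, key_a))
```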
