Re: Generating AES key by hashing login password?

[Jon Callas]

We were wondering if it was possible to use a hash function instead.
Using the password he provided at the login screen and hash it n  
times.


Master Password: hash(hash(login_password))

Would this be a good idea if we've used this generated hash as a key  
for AES?

Would the hashing be secure enough against different kinds of attacks?


The short answer is yes. A better answer is that you want to salt the  
password before you hash it many times, to keep from having rainbow  
tables created. Another better answer is that you want to hash many  
times to slow down password crackers.


As others have mentioned, there are standards that can show you the  
way. PKCS#5 has a mechanism for this. OpenPGP does, too. They're  
subtly different, and understanding the differences can help you roll  
your own.


Jon

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: Generating AES key by hashing login password?

[Peter Gutmann]

Daniel Carosone [EMAIL PROTECTED] writes:
On Fri, Aug 29, 2008 at 09:01:26PM +, Muffys Wump wrote:
 Master Password: hash(hash(login_password))
 
 Would this be a good idea if we've used this generated hash as a key for AES?
 Would the hashing be secure enough against different kinds of attacks?

You want to look at something like PKCS#5 for generating keys from
passphrases.

... and specifically PBKDF2, not the original PKCS #5.  See also the
discussion at http://en.wikipedia.org/wiki/Dictionary_attack.

Peter.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]