Daniel Carosone <[EMAIL PROTECTED]> writes: >On Fri, Aug 29, 2008 at 09:01:26PM +0000, Muffys Wump wrote: >> Master Password: hash(hash(login_password)) >> >> Would this be a good idea if we've used this generated hash as a key for AES? >> Would the hashing be secure enough against different kinds of attacks? > >You want to look at something like PKCS#5 for generating keys from >passphrases.
... and specifically PBKDF2, not the original PKCS #5. See also the discussion at http://en.wikipedia.org/wiki/Dictionary_attack. Peter. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
