Why is hashing done at the beginning/end

2005-04-15
2012-11-20
  • Hi Dominik

    you included a reference in the help file, which shows the security risk in SHA-1. So, my question is: Why is it used, to hash the password and the AES encoded data?

    I assert that my passphrase is more secure than the hashed string... It is 192 bits and uses digits, U-/Lcase letters and symbols. So I don't want to have it hashed... Of course encrypted with at least 6000 rounds, but not hashed!
    So, it would be great, if you add two checkboxes in the 'Database Settings' dialogue: hash before/after encryption.

    Thanks very much!

     
    • Michael Scheer
      Michael Scheer
      2005-04-16

      Hi nobody. Generally you need a key with a fixed length. Theres minimize of security if the application converts your pass to a 256 bit key...

       
      • Michael Scheer
        Michael Scheer
        2005-04-17

        Oops, a typo. I meant "theres NO minimization of security"

         
    • Hello! why would a converting to a 256 minimize the security??
      Greetz, TKC (Same as before, by the way)

       
    • Hello! But why would converting to a 256bit key minimize the security??
      Greetz, TKC (Same as before, BTW)