Security Basics mailing list archives

RE: MD5-Hash of a SHA-1-Hash unsecure?


From: "David Gillett" <gillettdavid () fhda edu>
Date: Fri, 5 Dec 2008 14:34:00 -0800

  "Less secure" than what?  I can't tell what the other side of
the comparison is supposed to be.

  Could this be made more secure?  Well, your IV is being
deterministically generated from the password chosen by the user, 
and so that password is your actual bits of key strength -- 
probably not very much, since users tend to like short words as
passwords.  Algorithmically turning a short password into an IV 
doesn't really make it any stronger.
  Nor does the information you've provided say how you get the 
password securely from browser to server -- maybe you're punting
that issue to SSL to handle?

  I think the usual way to improve a scheme like this is to add
a shared secret ("salt") to the password before hashing, some value
that both parties know but that never gets transmitted between them.
So the hash is not just a derivative of the password, but also of
knowledge available to legitimate clients and not (readily) available
to others.  Exactly how to implement this will depend on other 
characteristics of your environment.

David Gillett


-----Original Message-----
From: Andre Pawlowski [mailto:sqall () h4des org] 
Sent: Friday, December 05, 2008 12:19 AM
To: security-basics () securityfocus com
Subject: MD5-Hash of a SHA-1-Hash unsecure?

Hey guys,

I've written a program which can store files encrypted ( 
http://h4des.org/index.php?inhalt=kastalia ). The user enters 
a password when he wants to encrypt a file. The program 
makes a SHA-1-Hash of this password and transfers it from the 
browser to the server. When the encryption starts, the 
program makes an MD5-Hash of this SHA-1-Hash for the IV of the 
blowfish algorithm.

Here is my question: Is it less secure when I make an MD5-Hash 
of a SHA-1-Hash?

Regards,

--
[] Andre Pawlowski

visit http://h4des.org
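
Added example, not part of either message above and not code from the program being discussed: the MD5-of-SHA-1 IV derivation from the question, next to a variant that mixes in a shared secret as the reply suggests. Assumptions: the SHA-1 value is handled as a hex string, HMAC is the mixing step (the reply names no construction), and all function names, passwords and secrets are constructed for illustration.

```python
import hashlib
import hmac


def thread_iv(password: str) -> bytes:
    """IV as described in the question: MD5 of the SHA-1 hash of the password.
    Assumption: the SHA-1 value is passed along as a hex string."""
    sha1_hex = hashlib.sha1(password.encode("utf-8")).hexdigest()
    return hashlib.md5(sha1_hex.encode("ascii")).digest()


def distinct_ivs(candidate_passwords) -> int:
    """How many different IVs the scheme can yield for a set of passwords.
    The result is bounded by the number of passwords, not by the 128-bit
    MD5 output size, because nothing but the password feeds the chain."""
    return len({thread_iv(p) for p in candidate_passwords})


def iv_with_shared_secret(password: str, shared_secret: bytes) -> bytes:
    """Same chain with a shared secret mixed in before the final hash.
    Assumption: HMAC keyed with the secret is the mixing step."""
    sha1_hex = hashlib.sha1(password.encode("utf-8")).hexdigest()
    return hmac.new(shared_secret, sha1_hex.encode("ascii"), hashlib.md5).digest()


if __name__ == "__main__":
    # Constructed sample passwords and secrets, for illustration only.
    words = ["summer", "dragon", "letmein", "kastalia"]
    secret_a = bytes.fromhex("00112233445566778899aabbccddeeff")
    secret_b = bytes.fromhex("ffeeddccbbaa99887766554433221100")

    # Deterministic: the same password always gives the same IV.
    print("same password, same IV:", thread_iv("summer") == thread_iv("summer"))

    # Four candidate passwords give four candidate IVs, no more.
    print("candidate IVs for", len(words), "passwords:", distinct_ivs(words))

    # With a shared secret, the value depends on something the password
    # alone does not reveal.
    a = iv_with_shared_secret("summer", secret_a)
    b = iv_with_shared_secret("summer", secret_b)
    print("secret changes the value:", a != b)
    print("differs from unsalted IV:", a != thread_iv("summer"))
```
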



