Reputation: 3879
Does anyone know of a library or framework to salt and hash a password in C? How would I go about doing this in a program?
Upvotes: 6
Views: 11476
Reputation: 137517
I would definitely go with OpenSSL. Please, when it comes to encryption, don't try and roll your own, or just find something someone posted on the Internet. Go with something like OpenSSL that is verified, and trusted by millions every day. Home-brew and improperly implemented encryption is in my opinion a leading cause of security breaches on the Internet.
As Tibor mentioned, a salt is typically appended to the password before hashing. A unique salt greatly decreases the ability of a rainbow table based attack.
Upvotes: 7
Reputation: 3586
I will suggest using the OpenSSL API.
1.) If you want to generate a key using a password, use PKCS5_PBKDF2_HMAC_SHA1(), like

    #include <openssl/evp.h>

    int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
                               const unsigned char *salt, int saltlen, int iter,
                               int keylen, unsigned char *out);

or

    int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
                       const unsigned char *salt,
                       const unsigned char *data, int datal, int count,
                       unsigned char *key, unsigned char *iv);

2.) To hash a password, use SHA256 instead of SHA1 (reason: more secure, and attempts have already been made on SHA1 security)

    #include <openssl/sha.h>

    /* input and length: the caller's buffer and its size in bytes */
    SHA256_CTX context;
    unsigned char md[SHA256_DIGEST_LENGTH];
    SHA256_Init(&context);
    SHA256_Update(&context, (const unsigned char *)input, length);
    SHA256_Final(md, &context);

So after this, md will contain the password hash.
3.) SALT: a salt is nothing but some random bytes, but the point is to take crypto-secure random bytes. For this you can use:

    #include <openssl/rand.h>

    unsigned char salt[32]; /* 32 is just an example */
    int ok = RAND_bytes(salt, sizeof salt); /* returns 1 on success */

Upvotes: 6
Reputation: 29579
The most popular C crypto libraries with hashing functions are OpenSSL, Botan, and if you're on C++, Crypto++. Additionally, depending on the platform you're targeting and the hash function you want to use, you have the Win32 crypto functions on Windows and other native libraries for different platforms.
Upvotes: 2
Reputation:
There are many hashing function implementations in C; I suggest searching for SHA1 algorithm in C. If this is the only cryptographic feature, you can just copy some snippet, but otherwise you can go for more advanced libraries such as OpenSSL or GNU Crypto.
Salting, on the other hand, is usually done simply by appending the salt to the password, i.e. (in pseudocode) pwhash=hash(password+salt).
Upvotes: 2