Menu
Does anyone know of a library or framework to salt and hash a password in C? How would I go about doing this in a program?
376
Salting is simply the addition of a unique, random string of characters known only to the site to each password before it is hashed, typically this “salt” is placed in front of each password. The salt value needs to be stored by the site, which means sometimes sites use the same salt for every password.
The easiest way is to put the salt in front of the password and hash the combined text string. The salt is not an encryption key, so it can be stored in the password database along with the username – it serves merely to prevent two users with the same password getting the same hash.
Commonly used hashing algorithms include Message Digest (MDx) algorithms, such as MD5, and Secure Hash Algorithms (SHA), such as SHA-1 and the SHA-2 family that includes the widely used SHA-256 algorithm.
As you can see from the above example it is possible to crack passwords that use salts. It just takes much longer and requires more processing time. Hashed passwords that use salts are what most modern authentication systems use.
I would definitely go with OpenSSL. Please, when it comes to encryption, don't try and roll your own, or just find something someone posted on the Internet. Go with something like OpenSSL that is verified, and trusted by millions every day. Home-brew and improperly implemented encryption is in my opinion a leading cause of security breaches on the Internet.
As Tibor mentioned, a salt is typically appended to the password before hashing. A unique salt greatly decreases the ability of a rainbow table based attack.
166
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
