Implementing password hashing in C++

Hello all!

I was wondering if anyone out there knew a good and easy-to-implement password hashing library for C++. It doesn’t have to be super secure, as it’s a university assignment. However, it’s just to show the lecturer that I understand that password files can be compared by hash.

I have been looking at Botan so far, but I’m a bit worried about building the library from scratch!

Also hope everyone is well in this savage world we are living in at the moment :)

Are you looking to build a library that offers multiple algorithms, or just one? MD5 should be a decent place to start. Just don’t ever use it in the real world for password hashing. In fact, don’t write your own crypto algorithms at all in the real world unless you’ve got a very good reason to do so.

1 Like

Why write your own C++ anyway? You could use sha256sum on the command line.

… or include openssl/sha.h, make a context, init it, update it, finalize the hash.

1 Like
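
As an added illustration of the sha256sum suggestion above (not code from any poster in this thread): a small salted password file where a login attempt is checked by recomputing the hash and comparing it with the stored one. The user:salt:hash record layout and the function names are made up for this example, and a single SHA-256 pass only demonstrates the comparison idea; the slow algorithms named later in the thread (bcrypt, scrypt, yescrypt) are what real password storage calls for.

```shell
#!/bin/sh
# Added example, not from the thread. Record format (constructed here):
#   user:salt_hex:sha256_hex(salt_hex + password)

# Hash a password together with its salt; prints only the hex digest.
hash_password() {   # $1 = salt, $2 = password
    printf '%s%s' "$1" "$2" | sha256sum | cut -d ' ' -f 1
}

# 16 random bytes as hex, so identical passwords get different records.
new_salt() {
    head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Append a record for a user; the plaintext password is never written.
add_user() {        # $1 = file, $2 = user, $3 = password, $4 = optional salt
    salt=${4:-$(new_salt)}
    printf '%s:%s:%s\n' "$2" "$salt" "$(hash_password "$salt" "$3")" >> "$1"
}

# Recompute the hash with the stored salt and compare it to the stored hash.
# Returns 0 on a match, 1 on a mismatch or an unknown user.
check_password() {  # $1 = file, $2 = user, $3 = candidate password
    record=$(awk -F: -v u="$2" '$1 == u { print; exit }' "$1")
    [ -n "$record" ] || return 1
    salt=$(printf '%s' "$record" | cut -d: -f2)
    stored=$(printf '%s' "$record" | cut -d: -f3)
    [ "$(hash_password "$salt" "$3")" = "$stored" ]
}

# Constructed demo data: two users sharing one password.
pwfile=$(mktemp)
add_user "$pwfile" alice 'correct horse battery staple'
add_user "$pwfile" bob   'correct horse battery staple'
check_password "$pwfile" alice 'correct horse battery staple' && echo "alice: ok"
check_password "$pwfile" alice 'wrong guess' || echo "alice: rejected"
rm -f "$pwfile"
```
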

This can’t be emphasized enough. It’s great to do that sort of thing as an experiment or to learn, but there’s a reason we have standardized encryption choices. They’ve been audited and lack security holes.

As far as building a library from scratch, it’s very easy. Usually, you do ./configure, make, make install. If that doesn’t work, check the readme.

Building packages from source, well, developers need to do builds all the time, so they automate it in such a way that it can be fully built with a command. That tooling almost always can be used in a production environment as well.

@redocbew I just need a password hashing function for this coursework. That is good advice, mind; I have had a pop at cracking MD5s myself… super trivial.

@risk the coursework is C++ OOP related, so I have to show code etc. :)

@SgtAwesomesauce fair one. I think my problem is I am still not that confident with doing builds from scratch yet. Was hoping for an #include and call a function :). Do not suppose you have any reading / links that can guide me on?

Thanks for the feedback all :)

Let’s start with your environment. What OS are you using, what IDE or editor, etc.? That will help me guide you towards a solution.

My two Linux distros (Arch and Ubuntu) include botan packages, so you don’t actually have to build from source, you should be able to just install the package, then use a #include and call a function. In all fairness though, I’ve been out of the C++ game for a long time though, so I don’t remember the intricacies of compiler include directories and whatnot. I’m happy to help where I can though.

If your distro has a distinction between dev and non dev packages, make sure to install the dev package, because otherwise the headers required for compilation are not included.

@SgtAwesomesauce I’m going to be using Visual Studio Code. I was using JetBrains CLion, but the documentation compared to Visual Studio Code is terrible. Yeah, that’s what I was thinking. The closest I came actually was to using Botan, but it’s written in C and would have to use a wrapper? I am going to use MinGW and GCC as the compiler.

Would like to use Linux, but hands up here: I have never used any non-Python IDEs in Linux and do not want to get lost in semantics, as I’m still grasping just how to code as it is!

Going from simple medication formulas to coding has been one hell of a learning curve!

I’m by no means a developer. I am just starting to get to the meat and two veg of C++ as it is, and wish I could have done this in Python, as in Python this would have been a non-problem.

Thanks in advance.

You don’t need to wrap C to use it from C++ (well, not typically, not mostly; some type names might be different, but you can include ctypes into your C++ code).

Usually C++ projects use autoconf or cmake as build systems, but for school projects where you can afford to have all your code in one directory, use cc on the command line, pass -I/myadditionalincludedir if you need to, and that’s it.

Maybe make a build.sh (if this is tedious).

Maybe try, for example, make homework7, assuming homework7.cc is where your code is; maybe you get lucky and make figures out by itself where include dirs and libraries are and what sources to use even without a Makefile.

1 Like

Okay. I’m not clear on if this indicates that you’re using Linux or not. Personally, I find Linux much easier to work with when writing code. (WSL might be an option if you’re more comfortable in Windows, but that’s not really my area)

If you’re on Ubuntu, I’ve had good experience with just using make myprogram as risk mentioned above, assuming the extra include libs are installed by the package manager.

1 Like

If you’re on a Linux or BSD operating system you can use the system libcrypt. It will support a variety of password hashing algorithms.

Read man 3 crypt and man 5 crypt

I used to think PBKDF2 was the thing to use but I just did some Googling around and apparently that was only true in 2009. Heh. Now there’s bcrypt, scrypt, yescrypt and a few others. There’s been a lot of research into making them strong against GPUs and ASIC decryption attacks.

1 Like

Thanks for the feedback :)

I think libsodium is a respected and modern crypto library for programmers with a focus on simple to understand and safe APIs. I have not personally used libsodium though…

https://doc.libsodium.org/

Speaking of an include & function call: Quickstart and FAQ - libsodium

Libsodium has an API for password hashing: Password hashing - libsodium

Installation for your platform: Installation - libsodium

1 Like