Skip to content

Instantly share code, notes, and snippets.

@andre-st

andre-st/pbkdf2.c

Created January 30, 2020 02:33
Show Gist options
  • Save andre-st/ea30fec905950b8f6f0e4f74c87261c3 to your computer and use it in GitHub Desktop.
Save andre-st/ea30fec905950b8f6f0e4f74c87261c3 to your computer and use it in GitHub Desktop.
Download ZIP
PBKDF2 HMAC-SHA1 Password Hashing
Raw
pbkdf2.c
/*
* Requires OpenSSL >= 1.0.0
* $ gcc -o pbkdf2 -lcrypto pbkdf2.c
*
* License: GPL2
*/
#include <err.h>
#include <errno.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <sysexits.h>
#include <openssl/evp.h>
int main( int argc, char *argv[] )
{
const char *usage =
"Prints a PBKDF2 HMAC-SHA1 key in binary format.\n"
"You can use this for password hashing. MD5 is unsafe.\n"
"Usage: pbkdf2 <passw> <salt> <iter> <keylen>\n"
"Example: pbkdf2 passw0rd 1salt7 10000 512 | base64";
if( argc < 5 )
{
errx( EX_USAGE, usage );
}
const char *passw = argv[1];
const char *salt = argv[2];
unsigned long numiter = strtol( argv[3], (char **)NULL, 10 );
unsigned long keylen = strtol( argv[4], (char **)NULL, 10 );
if( numiter < 1024 )
{
warnx( "It's unsafe to fall below 1024 iterations. "
"Recommended: 10000 (like iOS4)" );
}
if( keylen < 128 )
{
warnx( "Keys shorter than 128 make collissions "
"more likely. Recommended: 512" );
}
unsigned char *hash = malloc( keylen );
if( hash == NULL )
{
err( 1, "Cannot allocate memory." );
}
PKCS5_PBKDF2_HMAC_SHA1( passw, strlen( passw ),
salt, strlen( salt ),
numiter, keylen, hash);
if( write( 1, hash, keylen ) == -1 )
{
return EXIT_FAILURE;
}
else
{
return EXIT_SUCCESS;
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment