I’m looking for a function for C/C++ that behaves identically to PHP’s md5() function — pass in a string, return a one-way hash of that string. I’m also open to other algorithms than md5() if they are as secure (or more secure), reasonably fast, and ideally one-way.
The reason I’m searching for said function is for the same purpose I would use PHP’s md5() function: to store a one-way hash of a user’s password in a database rather than the actual text of the user’s password (in case the database’s data is ever compromised, the user’s passwords would still be relatively secret).
I’ve spent around two hours searching now. All the code I’ve found either was for getting an MD5 of file data (instead of just a string), wouldn’t compile, was for another programming language, or required an entire library (such as Crypto++, OpenSSL, hashlib++) to be added to my project, some of which are very large (is that really necessary when all I want is just one one-way string hashing function?).
Seeing as how this is a common need, I’m assuming someone has already written and made available exactly what I’m looking for.. can someone point me to it?
Thanks in advance.
Seriously, use a library (OpenSSL is a good choice). They’re well-tested, and you can just drop them into your project without having to worry if you get the code right or not. Don’t worry about the size of the library, any functions you don’t use will not be included in your final executable.
I’d also recommend avoiding MD5, as it has known weaknesses, in favor of something stronger such as SHA-256 or Blowfish.
But whichever algorithm and implementation you go with, do not forget to salt your inputs!