Password salting example written in C utilizing hashing algorithm SHA-256 (SHA-2). Developed for educational purposes only.
DISCLAIMER: THIS ALGORITHM HAS NOT BEEN TESTED AND AUDITED, SO DON'T USE IT ON A REAL APPLICATION! IF SO, USE AT YOUR OWN RISK!
$ make clean
$ make
$ ./password-salting <password> <work_factor> <salt_size>
$ ./password-salting password1234 16 8
Password: password1234
Work factor: 16
Number of iterations: 65536
Salt length: 8
Generated salt: 3425e872
Salted password: password12343425e872
Final hashed salted password: 7ce5aec45f2ead6e6c28ab7a88be6d3a73f359be8f535facedc94d110138d8d7
- The program reads an specified string which will be the password to be salted and hashed, the work factor and the salt size in bytes;
- A random salt is generated using /dev/urandom with the given input length;
- The salt is appended to the given string (password);
- The hashing algorithm SHA256 is applied N times, which is given by 2^work_factor: SHA256(SHA256(SHA256(SHA256...SHA256(password+salt)...)))
- Finally, the program outputs the final hashed salted password.