Using PBKDF2 instead of BCrypt

Added by Eric Shaw over 12 years ago

I would like to use PBKDF2 for the password hashing algorithm rather than bcrypt because of its in-depth testing. Is there a way I could implement it in Wt?


Replies (5)

RE: Using PBKDF2 instead of BCrypt - Added by Eric Shaw over 12 years ago

Anyone able to give me any information on this?

RE: Using PBKDF2 instead of BCrypt - Added by Koen Deforche over 12 years ago

Hey,

Yes, you can easily add a custom encryption function. See http://www.webtoolkit.eu/wt/doc/reference/html/classWt_1_1Auth_1_1HashFunction.html for the interface to implement, and you can then register it with the standard PasswordVerifier as one (or an additional) hash function.

I'm also interested in this, if there is a decent and liberally licensed implementation of PBKDF2, to integrate it in Wt::Auth, so perhaps you have some recommendations?

Regards,

koen

RE: Using PBKDF2 instead of BCrypt - Added by Eric Shaw over 12 years ago

Apparently PasswordVerifier has a method called addHashFunction which I didn't even see. I'm assuming this will have to be written in C, which, if so, is a lot harder to find than basically all other popular languages.

RE: Using PBKDF2 instead of BCrypt - Added by Eric Shaw over 12 years ago

OpenSSL has a version of it. Is it possible to implement it using that? There is also crypto http://www.cryptopp.com/ which is a C implementation of a bunch of C cryptography functions. The individual files are not under copyright, only the whole thing. Some guy implemented it using sha1 here: http://www.backtrack-linux.org/forums/showthread.php?t=15273 which, if you just change sha1 to sha256, might work.

RE: Using PBKDF2 instead of BCrypt - Added by Eric Shaw over 12 years ago

I've been trying to get the C code from the backtrack site to output something like what is shown at http://tools.ietf.org/html/draft-josefsson-pbkdf2-test-vectors-06#page-3 to make sure it's right, but I can't get the formatting correct.
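As an added example (not code from this thread, the backtrack post, or Wt), here is a self-contained C sketch of checking a PBKDF2-HMAC-SHA1 implementation against the draft's 20-byte test vectors, including the hex formatting step. The names `sha1`, `hmac` and `pbkdf2_sha1_hex` are this example's own, and it derives only the first output block (dkLen = 20), which is what those vectors need.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define ROL(x, n) (((x) << (n)) | ((x) >> (32 - (n))))
static void sha1(const uint8_t *m, size_t len, uint8_t out[20]) {   /* one-shot SHA-1 */
    static const uint32_t K[4] = {0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xCA62C1D6};
    uint32_t h[5] = {0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0}, w[80], v[5];
    size_t total = ((len + 8) / 64 + 1) * 64;   /* message + 0x80 + zeros + 64-bit length */
    for (size_t off = 0; off < total; off += 64) {
        uint8_t b[64] = {0};
        if (off < len) memcpy(b, m + off, len - off < 64 ? len - off : 64);
        if (off <= len && len - off < 64) b[len - off] = 0x80;
        for (int i = 0; i < 8 && off + 64 == total; i++) b[56 + i] = (uint8_t)((uint64_t)len * 8 >> (56 - 8 * i));
        memcpy(v, h, sizeof v);
        for (int i = 0; i < 80; i++) {
            const uint8_t *p = b + 4 * (i % 16);   /* big-endian word i of the block (i < 16) */
            w[i] = i < 16 ? (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3]
                          : ROL(w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16], 1);
            uint32_t f = i < 20 ? (v[1] & v[2]) | (~v[1] & v[3]) : i < 40 || i >= 60 ? v[1] ^ v[2] ^ v[3]
                       : (v[1] & v[2]) | (v[1] & v[3]) | (v[2] & v[3]);
            uint32_t t = ROL(v[0], 5) + f + v[4] + K[i / 20] + w[i];
            v[4] = v[3]; v[3] = v[2]; v[2] = ROL(v[1], 30); v[1] = v[0]; v[0] = t;
        }
        for (int i = 0; i < 5; i++) h[i] += v[i];
    }
    for (int i = 0; i < 20; i++) out[i] = (uint8_t)(h[i / 4] >> (24 - 8 * (i % 4)));
}

/* HMAC-SHA1 keyed with the password; msg is at most 128 bytes (salt||counter or a 20-byte U). */
static void hmac(const char *pw, const uint8_t *msg, size_t mlen, uint8_t out[20]) {
    uint8_t k[64] = {0}, in[64 + 128], o[64 + 20];
    if (strlen(pw) > 64) sha1((const uint8_t *)pw, strlen(pw), k); else memcpy(k, pw, strlen(pw));
    for (int i = 0; i < 64; i++) { in[i] = k[i] ^ 0x36; o[i] = k[i] ^ 0x5c; }
    memcpy(in + 64, msg, mlen);
    sha1(in, 64 + mlen, o + 64);
    sha1(o, sizeof o, out);
}

/* Example's own helper: PBKDF2-HMAC-SHA1 block T_1 (20 bytes) as lowercase hex; -1 on bad input. */
int pbkdf2_sha1_hex(const char *pw, const char *salt, uint32_t iters, char hex[41]) {
    uint8_t msg[128] = {0}, u[20], t[20];          /* unsigned bytes, so "%02x" never sign-extends */
    size_t slen = strlen(salt);
    if (slen > sizeof msg - 4 || iters == 0) return -1;
    memcpy(msg, salt, slen); msg[slen + 3] = 1;    /* salt || INT(1), big-endian block index */
    hmac(pw, msg, slen + 4, u); memcpy(t, u, 20);  /* U_1 */
    for (uint32_t c = 1; c < iters; c++) {         /* T_1 = U_1 ^ U_2 ^ ... ^ U_c */
        hmac(pw, u, 20, u); for (int i = 0; i < 20; i++) t[i] ^= u[i];
    }
    for (int i = 0; i < 20; i++) sprintf(hex + 2 * i, "%02x", t[i]);
    return 0;
}
```

For password "password", salt "salt" and 1 iteration, `pbkdf2_sha1_hex` yields `0c60c80f961f0e71f3a9b524af6012062fe037a6`, the first vector's derived key with the spaces removed.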
