Thread safe PBKDF2 with random, unique salts and constant-time comparison.
Based on JP Mens’ C implementation which is itself inspired by Simon Sapin’s scheme.
If you’re looking for a ready to use C library to store/retrieve your passwords in/from a data store securely, then this library is for you.
Code and usage
The code is available on github. OpenSSL is a dependancy and must be installed.
For sample usage look at
example1.c in the
examples/ directory. Use the
Makefile provided to build the example statically.
Use CMake to build as a shared library.
My contributions to this project are limited to identifying a bug concerning thread-safety in JP Mens’ code and providing a header & sample with openssl locking for thread safe usage; so all credit to JP Mens, Simon Sapin & Kungliga Tekniska Hgskolan (author of