
Adding salt to hashing in C++ - looking for library



  • Hello,
    since I haven't found anything in the Qt documentation, I was wondering if there's any library in Qt that I could use alongside the QCryptographicHash class to generate salts?

    If there isn't any, could anybody provide me with any 3rd party library I could use?

    Thanks in advance.




  • You are probably looking for QRandomGenerator



  • @Konstantin-Tokarev
    Hello,
    thanks for feedback.
    Do you maybe know if the class you have mentioned is safe in terms of OWASP guidelines?
    I am probably going to use this class anyway, but even so I'd like to know.



  • If you need random numbers of best available quality on your system, you probably want to use QRandomGenerator::system() for generating each salt. Using QRandomGenerator::securelySeeded() or QRandomGenerator::global() will result in pseudo-random sequence (though seed will be obtained from QRandomGenerator::system() so it won't be predictable actually)



  • Seems good to me, thank you very much!



  • Though I guess that your next question might be about doing key stretching, and Qt won't help you with this. So you may want to go with a cryptographic library like OpenSSL, which will come with its own solution for secure random numbers as well.



  • In that scenario, do you maybe know if there's any step-by-step guide on how to include OpenSSL into my Qt project? It drives me crazy to link/install a 3rd party lib, since I almost always encounter some errors :/
    I found this one https://doc.qt.io/archives/qt-5.5/opensslsupport.html, but I'm not really sure if it suits me (I'm not that much into OPS-related stuff - I just see it's somehow connected to Android?).
    I'm using mingw, working on W10.



  • > I just see it's somehow connected to Android?

    Not at all

    > In that scenario, do you maybe know if there's any step-by-step guide on how to include OpenSSL into my QT?

    Just like with any other external library - use INCLUDEPATH += and LIBS +=. OpenSSL support in Qt itself doesn't matter for you as Qt uses it as a backend for QSslSocket and related stuff, not for exposing its crypto algorithms.



  • I'll allow myself to ask one more question about linking library.

    I've downloaded the bcrypt package file
    Source Code: bcrypt-1.1.tar.gz,
    from http://bcrypt.sourceforge.net/.

    I've unpacked it in
    C:\bcrypt-1.1,
    and added the following code to the .pro file

    INCLUDEPATH += C:\bcrypt-1.1
    DEPENDPATH += C:\bcrypt-1.1
    

    But it's not working, and I suppose I'm making some extremely stupid mistake, could somebody help me out?

    I know that if we include external lib we should add

    • path to location of header files with INCLUDEPATH
    • path to location of .lib files with LIBS,

    but what if the bcrypt package I've downloaded contains only headers?


  • Lifetime Qt Champion

    Hi,

    Is that library already built?



  • Hi,
    I haven't noticed that it contains a makefile. Do I have to build this using cmake or will qmake work as well?


  • Lifetime Qt Champion

    qmake is Qt's project management tool, it does not compile anything.

    Just in case, there seems to be a binary download for Windows available on the page you linked.



  • Seems like the binary for Windows 2002 distribution doesn't work (at least in my case - the exe does not start).

    1. After downloading the binary, I couldn't start the exe located in it.
    2. If I was to use the source version of the library, how do I build it?

    Or: is there any more recent bcrypt source?


  • Lifetime Qt Champion

    1. Did you check the instructions on the website?
    2. That's a task for you to do.


  • A quick look at bcrypt's webpage tells me this is not a library, but a program. If you want to have it as a library, there is no support for this out of the box. You need to figure it out by yourself.

    The general instructions for building are to use make. (Usually, nmake is the equivalent on Windows.) I don't see any instructions for Windows on the webpage. You'll have to look through the READMEs, etc. to figure it out. cmake and qmake will not help as these will just generate makefiles and not compile anything. However, there is already a makefile, so you don't have to run cmake or qmake to create them.

