I am looking for a simple unpatented one-way encryption algorithm, preferably in c. I would like to use it to validate passwords.
+13
A:
SHA-1 and the rest of its family were patented by the US government which "has released the patent under a royalty free license". Many public-domain implementations may be found through Google. :-)
Jeremy Banks
2008-09-16 05:42:11
+1
A:
SHA-1 seems like a good suggestion, or, if you believe that SHA-1 is close to being cracked, one of the SHA-2 family.
You may feel that MD5 isn't "safe" enough.
Brent.Longborough
2008-09-16 05:46:50
+2
A:
The correct name for 'one-way encryption algorithm' is 'hashing algorithm' (you did mean a way to 'scramble' a password so that it can never be recovered, right?)
Do not use md5 in modern applications, successful attacks on it have been showing up since 2004 (see http://www.doxpara.com/md5_someday.pdf for references). Use the SHA family.
Roel
2008-09-16 08:21:13
A true 'one-way encryption algorithm' would be to discard the data and instead pipe in from /dev/random. :-)
Brian Knoblauch
2008-10-17 18:54:05
A:
MD5 and SHA512 (or another SHA-2 variant) both have theoretical vulnerabilities identified in them. I don't think SHA has yet been demonstrated as broken but the possability exists. Whirlpool is a royalty free hash algorithm that has (as yet) not shown any weakness. This page has a link to the C reference implementation.
pipTheGeek
2008-10-30 13:06:39