6.6. Hashing a Single String
Problem
You have a single string of data that you would like to hash, and you don’t like the complexity of the incremental interface.
Solution
Use an “all-in-one” interface, if available, or write your own wrapper, as shown in Section 6.6.3.
Discussion
Warning
Hash functions are not secure by themselves—not for a password system, not for message authentication, not for anything! If you do need a hash function by itself, be sure to at least protect against length extension attacks, as described in Recipe 6.7.
Complexity can certainly get you in trouble, and a simpler API can be better. While not every API provides a single function that can perform a cryptographic hash, many of them do. For example, OpenSSL provides an all-in-one API for each of the message digest algorithms it supports:
unsigned char *MD2(unsigned char *in, unsigned long n, unsigned char *md); unsigned char *MD4(unsigned char *in, unsigned long n, unsigned char *md); unsigned char *MD5(const unsigned char *in, unsigned long n, unsigned char *md); unsigned char *MDC2(const unsigned char *in, unsigned long n, unsigned char *md); unsigned char *RIPEMD160(const unsigned char *in, unsigned long n, unsigned char *md); unsigned char *SHA1(const unsigned char *in, unsigned long n, unsigned char *md);
APIs in this style are commonly seen, even outside the context of OpenSSL. Note that these functions require you to pass in a buffer into which the digest is placed, but they also return a pointer to that ...
Get Secure Programming Cookbook for C and C++ now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.