Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

github.com/RustCrypto/password-hashing

Package Overview
Dependencies
Alerts
File Explorer
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

github.com/RustCrypto/password-hashing

  • v0.0.0-20230316120617-b7159b764892
  • Source
  • Go
  • Socket score

Version published
Created
Source

RustCrypto: Password Hashes

Project Chat Apache2/MIT licensed Dependency Status

Collection of password hashing algorithms, otherwise known as password-based key derivation functions, written in pure Rust.

Supported Algorithms

AlgorithmCrateCrates.ioDocumentationMSRV
Argon2argon2crates.ioDocumentationMSRV 1.65
Balloonballoon‑hashcrates.ioDocumentationMSRV 1.65
bcrypt‑pbkdfbcrypt‑pbkdfcrates.ioDocumentationMSRV 1.60
PBKDF2pbkdf2crates.ioDocumentationMSRV 1.60
scryptscryptcrates.ioDocumentationMSRV 1.60
SHA-cryptsha‑cryptcrates.ioDocumentationMSRV 1.60

Please see the OWASP Password Storage Cheat Sheet for assistance in selecting an appropriate algorithm for your use case.

Usage

The following code example shows how to verify a password when stored using one of many possible password hashing algorithms implemented in this repository.

use password_hash::{PasswordHash, PasswordVerifier};

use argon2::Argon2;
use pbkdf2::Pbkdf2;
use scrypt::Scrypt;

// Can be: `$argon2`, `$pbkdf2`, or `$scrypt`
let hash_string = "$argon2i$v=19$m=65536,t=1,p=1$c29tZXNhbHQAAAAAAAAAAA$+r0d29hqEB0yasKr55ZgICsQGSkl0v0kgwhd+U3wyRo";
let input_password = "password";

let password_hash = PasswordHash::new(&hash_string).expect("invalid password hash");

// Trait objects for algorithms to support
let algs: &[&dyn PasswordVerifier] = &[&Argon2::default(), &Pbkdf2, &Scrypt];

password_hash.verify_password(algs, input_password).expect("invalid password");

Minimum Supported Rust Version (MSRV) Policy

MSRV bumps are considered breaking changes and will be performed only with minor version bump.

License

All crates licensed under either of

at your option.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

FAQs

Package last updated on 16 Mar 2023

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc