#hash #bcrypt #salt #mcf #bmcf

rcrypt

A compact hashing/salting library based on bcrypt with smaller hashes

6 releases (3 breaking)

0.4.0 Feb 25, 2022
0.4.0-alpha.1 Feb 24, 2022
0.3.0 Feb 23, 2022
0.2.0 Feb 23, 2022
0.1.1 Feb 23, 2022

#863 in Cryptography

Apache-2.0

20KB
268 lines

rcrypt: A compact hashing and salting library

GitHub Workflow Status Crates.io docs.rs Crates.io

rcrypt, short for "reduced crypt" is a compact hashing and salting library based on bcrypt generating hashes that are 33.3% smaller than bcrypt (40 bytes over 60 bytes).

It was originally made for a part of Skytable's authentication system storage, but was moved into a separate library for usage in the wider Rust community. rcrypt is almost a drop-in replacement for the bcrypt crate. Here's how it works.

Usage

use rcrypt::DEFAULT_COST;
// your password
let mypass = String::from("pass123");
// hash
let hash = rcrypt::hash(&mypass, DEFAULT_COST).unwrap();
// verify
assert!(rcrypt::verify(&mypass, &hash).unwrap());

The usage remains just the same for users who use the bcrypt crate, except that the hash method returns a Vec<u8> instead of a String, while for the verify method you need to pass a &[u8] for the hash.

Getting back your bcrypt hash

If for some reason you need a String with the bcrypt hash from your rcrypt hash, you can do that too! Here's the procedure:

use rcrypt::DEFAULT_COST;
let rhash = rcrypt::hash("mypassword", DEFAULT_COST).unwrap();
// now let's get the bcrypt hash from the rcrypt hash
let bhash = rcrypt::bmcf::decode_into_mcf(&rhash).unwrap();

How it works

The smaller hash sizes result by rcrypt producing binary hashes and merging hash fields, in accordance with the BMCF spec.

  • The field separators in the MCF hash are not present in hashes generated by rcrypt
  • The cost and scheme fields are merged into one field
  • The hashes generated by rcrypt do not use base64 which results in lesser bytes being used to store the salt+digest

Acknowledgements

License

This crate is distributed under the Apache-2.0 License.

Dependencies

~0.7–1MB
~19K SLoC