6 releases (3 breaking)
0.4.0 | Feb 25, 2022 |
---|---|
0.4.0-alpha.1 | Feb 24, 2022 |
0.3.0 | Feb 23, 2022 |
0.2.0 | Feb 23, 2022 |
0.1.1 | Feb 23, 2022 |
#863 in Cryptography
20KB
268 lines
rcrypt
: A compact hashing and salting library
rcrypt
, short for "reduced crypt" is a compact hashing and salting library based on bcrypt generating hashes that are 33.3% smaller than bcrypt (40 bytes over 60 bytes).
It was originally made for a part of Skytable's authentication
system storage, but was moved into a separate library for usage in the wider Rust community.
rcrypt
is almost a drop-in replacement for the bcrypt
crate. Here's how it works.
Usage
use rcrypt::DEFAULT_COST;
// your password
let mypass = String::from("pass123");
// hash
let hash = rcrypt::hash(&mypass, DEFAULT_COST).unwrap();
// verify
assert!(rcrypt::verify(&mypass, &hash).unwrap());
The usage remains just the same for users who use the bcrypt crate, except that the hash
method returns a Vec<u8>
instead of a String
, while for the verify
method you need to pass a &[u8]
for the hash.
Getting back your bcrypt hash
If for some reason you need a String
with the bcrypt hash from your rcrypt hash, you can do that too!
Here's the procedure:
use rcrypt::DEFAULT_COST;
let rhash = rcrypt::hash("mypassword", DEFAULT_COST).unwrap();
// now let's get the bcrypt hash from the rcrypt hash
let bhash = rcrypt::bmcf::decode_into_mcf(&rhash).unwrap();
How it works
The smaller hash sizes result by rcrypt
producing binary hashes and merging hash fields, in accordance
with the BMCF spec.
- The field separators in the MCF hash are not present in hashes generated by
rcrypt
- The cost and scheme fields are merged into one field
- The hashes generated by rcrypt do not use base64 which results in lesser bytes being used to store the salt+digest
Acknowledgements
- The Binary Modular Crypt Format specification by Andre DeMarre
- The original bcrypt implementation in Rust by Vincent Prouillet. The underlying
bcrypt implementation used in this crate, and the public API are heavily inspired by the
bcrypt
crate
License
This crate is distributed under the Apache-2.0 License.
Dependencies
~0.7–1MB
~19K SLoC