Lib.rs

Cryptography
#password-hash #password-hashing #bcrypt

rusty_password

Rusting passwords that cant be recognized, (aka hashes using bcrypt)

by Erkin Tek, Chris Williams

1 unstable release

Uses old Rust 2015

0.1.2 Mar 10, 2022

#13 in #bcrypt

MIT license

7KB
109 lines

Updated Easy password hashing

Supported algorithms:

  • Bcrypt

Motivation

Orginal library (https://github.com/ChrisPWill/easy_password) wont compile so I cloned and updated libraries.

Using Bcrypt as is results in passwords being limited to a length of 72. This means it's not easy to salt the password or support arbitrarily long user passwords.

This library performs a HMAC with SHA256 used as the hash function before feeding the result into Bcrypt. As such, any length of password can be used with Bcrypt when passwords are made or verified with this library.

Usage

Hashing a password:

extern crate easy_password;

use easy_password::bcrypt::hash_password;

let bcrypt_rounds = 12; // Secure default
let hash: String =
    hash_password("my_password", b"secure_key", 12).unwrap();

Verifying a hash:

extern crate easy_password;

use easy_password::bcrypt::hash_password;

let success: bool =
    verify_password("test_password", hash.as_str(), b"secure_key").unwrap();

License

MIT License

Dependencies

~1.5MB
~25K SLoC