Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/RustCrypto/password-hashes
Password hashing functions / KDFs
https://github.com/RustCrypto/password-hashes
Last synced: 22 days ago
JSON representation
Password hashing functions / KDFs
- Host: GitHub
- URL: https://github.com/RustCrypto/password-hashes
- Owner: RustCrypto
- Created: 2017-08-16T08:31:50.000Z (almost 7 years ago)
- Default Branch: master
- Last Pushed: 2024-05-17T13:12:03.000Z (about 1 month ago)
- Last Synced: 2024-05-21T13:54:55.648Z (about 1 month ago)
- Language: Rust
- Homepage:
- Size: 796 KB
- Stars: 593
- Watchers: 9
- Forks: 74
- Open Issues: 11
-
Metadata Files:
- Readme: README.md
- Security: SECURITY.md
Lists
- awesome-cryptography - password-hashes - Collection of password hashing algorithms, otherwise known as password-based key derivation functions, written in pure Rust. (Frameworks and Libs / Rust)
- awesome-cryptography-rust - password-hashing - based key derivation functions. (PBKDF2, scrypt). (Cryptography / Others)
- awesome-cryptography-rust - password-hashing - based key derivation functions. (PBKDF2, scrypt). (Cryptography / Others)
- awesome-stars - password-hashes
- fucking-awesome-cryptography - password-hashes - Collection of password hashing algorithms, otherwise known as password-based key derivation functions, written in pure Rust. (Frameworks and Libs / Rust)
README
# RustCrypto: Password Hashes
[![Project Chat][chat-image]][chat-link]
![Apache2/MIT licensed][license-image]
[![Dependency Status][deps-image]][deps-link]
Collection of password hashing algorithms, otherwise known as password-based key derivation functions, written in pure Rust.
## Supported Algorithms
| Algorithm | Crate | Crates.io | Documentation | MSRV |
|----------------|------------------|--------------------------------------------------------------------------------------------------------|---------------|-------------------------|
| [Argon2] | [`argon2`] | [](https://crates.io/crates/argon2) | [](https://docs.rs/argon2) | ![MSRV 1.65][msrv-1.65] |
| [Balloon] | [`balloon‑hash`] | [](https://crates.io/crates/balloon-hash) | [](https://docs.rs/balloon-hash) | ![MSRV 1.65][msrv-1.65] |
| [bcrypt‑pbkdf] | [`bcrypt‑pbkdf`] | [](https://crates.io/crates/bcrypt-pbkdf) | [](https://docs.rs/bcrypt-pbkdf) | ![MSRV 1.60][msrv-1.60] |
| [PBKDF2] | [`pbkdf2`] | [](https://crates.io/crates/pbkdf2) | [](https://docs.rs/pbkdf2) | ![MSRV 1.60][msrv-1.60] |
| [scrypt] | [`scrypt`] | [](https://crates.io/crates/scrypt) | [](https://docs.rs/scrypt) | ![MSRV 1.60][msrv-1.60] |
| [SHA-crypt] | [`sha‑crypt`] | [](https://crates.io/crates/sha-crypt) | [](https://docs.rs/sha-crypt) | ![MSRV 1.60][msrv-1.60] |
Please see the [OWASP Password Storage Cheat Sheet] for assistance in selecting an appropriate algorithm for your use case.
## Usage
The following code example shows how to verify a password when stored using one
of many possible password hashing algorithms implemented in this repository.
```rust
use password_hash::{PasswordHash, PasswordVerifier};
use argon2::Argon2;
use pbkdf2::Pbkdf2;
use scrypt::Scrypt;
// Can be: `$argon2`, `$pbkdf2`, or `$scrypt`
let hash_string = "$argon2i$v=19$m=65536,t=1,p=1$c29tZXNhbHQAAAAAAAAAAA$+r0d29hqEB0yasKr55ZgICsQGSkl0v0kgwhd+U3wyRo";
let input_password = "password";
let password_hash = PasswordHash::new(&hash_string).expect("invalid password hash");
// Trait objects for algorithms to support
let algs: &[&dyn PasswordVerifier] = &[&Argon2::default(), &Pbkdf2, &Scrypt];
password_hash.verify_password(algs, input_password).expect("invalid password");
```
## Minimum Supported Rust Version (MSRV) Policy
MSRV bumps are considered breaking changes and will be performed only with minor version bump.
## License
All crates licensed under either of
* [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0)
* [MIT license](http://opensource.org/licenses/MIT)
at your option.
### Contribution
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.
[//]: # (badges)
[chat-image]: https://img.shields.io/badge/zulip-join_chat-blue.svg
[chat-link]: https://rustcrypto.zulipchat.com/#narrow/stream/260046-password-hashes
[license-image]: https://img.shields.io/badge/license-Apache2.0/MIT-blue.svg
[deps-image]: https://deps.rs/repo/github/RustCrypto/password-hashes/status.svg
[deps-link]: https://deps.rs/repo/github/RustCrypto/password-hashes
[msrv-1.60]: https://img.shields.io/badge/rustc-1.60.0+-blue.svg
[msrv-1.65]: https://img.shields.io/badge/rustc-1.65.0+-blue.svg
[//]: # (crates)
[`argon2`]: ./argon2
[`balloon‑hash`]: ./balloon-hash
[`bcrypt‑pbkdf`]: ./bcrypt-pbkdf
[`pbkdf2`]: ./pbkdf2
[`scrypt`]: ./scrypt
[`sha‑crypt`]: ./sha-crypt
[//]: # (general links)
[Argon2]: https://en.wikipedia.org/wiki/Argon2
[Balloon]: https://en.wikipedia.org/wiki/Balloon_hashing
[bcrypt‑pbkdf]: https://flak.tedunangst.com/post/bcrypt-pbkdf
[PBKDF2]: https://en.wikipedia.org/wiki/PBKDF2
[scrypt]: https://en.wikipedia.org/wiki/Scrypt
[SHA-crypt]: https://www.akkadia.org/drepper/SHA-crypt.txt
[OWASP Password Storage Cheat Sheet]: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html