Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/RustCrypto/password-hashes

Password hashing functions / KDFs
https://github.com/RustCrypto/password-hashes

Last synced: 2 months ago
JSON representation

Password hashing functions / KDFs

Host: GitHub
URL: https://github.com/RustCrypto/password-hashes
Owner: RustCrypto
Created: 2017-08-16T08:31:50.000Z (over 7 years ago)
Default Branch: master
Last Pushed: 2024-10-23T11:02:42.000Z (2 months ago)
Last Synced: 2024-10-31T19:22:27.892Z (2 months ago)
Language: Rust
Homepage:
Size: 833 KB
Stars: 667
Watchers: 10
Forks: 82
Open Issues: 10
Metadata Files:
- Readme: README.md
- Security: SECURITY.md

Awesome Lists containing this project

awesome-cryptography-rust - password-hashing - based key derivation functions. (PBKDF2, scrypt). (Cryptography / Others)

README

        # RustCrypto: Password Hashes

[![Project Chat][chat-image]][chat-link]

![Apache2/MIT licensed][license-image]

[![Dependency Status][deps-image]][deps-link]

Collection of password hashing algorithms, otherwise known as password-based key derivation functions, written in pure Rust.

## Supported Algorithms

| Algorithm      | Crate            | Crates.io                                                                                              | Documentation | MSRV                    |

|----------------|------------------|--------------------------------------------------------------------------------------------------------|---------------|-------------------------|

| [Argon2]       | [`argon2`]       | [![crates.io](https://img.shields.io/crates/v/argon2.svg)](https://crates.io/crates/argon2)            | [![Documentation](https://docs.rs/argon2/badge.svg)](https://docs.rs/argon2) | ![MSRV 1.65][msrv-1.65] |

| [Balloon]      | [`balloon‑hash`] | [![crates.io](https://img.shields.io/crates/v/balloon-hash.svg)](https://crates.io/crates/balloon-hash) | [![Documentation](https://docs.rs/balloon-hash/badge.svg)](https://docs.rs/balloon-hash) | ![MSRV 1.65][msrv-1.65] |

| [bcrypt‑pbkdf] | [`bcrypt‑pbkdf`] | [![crates.io](https://img.shields.io/crates/v/bcrypt-pbkdf.svg)](https://crates.io/crates/bcrypt-pbkdf) | [![Documentation](https://docs.rs/bcrypt-pbkdf/badge.svg)](https://docs.rs/bcrypt-pbkdf) | ![MSRV 1.60][msrv-1.60] |

| [PBKDF2]       | [`pbkdf2`]       | [![crates.io](https://img.shields.io/crates/v/pbkdf2.svg)](https://crates.io/crates/pbkdf2)            | [![Documentation](https://docs.rs/pbkdf2/badge.svg)](https://docs.rs/pbkdf2) | ![MSRV 1.60][msrv-1.60] |

| [scrypt]       | [`scrypt`]       | [![crates.io](https://img.shields.io/crates/v/scrypt.svg)](https://crates.io/crates/scrypt)            | [![Documentation](https://docs.rs/scrypt/badge.svg)](https://docs.rs/scrypt) | ![MSRV 1.60][msrv-1.60] |

| [SHA-crypt]    | [`sha‑crypt`]    | [![crates.io](https://img.shields.io/crates/v/sha-crypt.svg)](https://crates.io/crates/sha-crypt)      | [![Documentation](https://docs.rs/sha-crypt/badge.svg)](https://docs.rs/sha-crypt) | ![MSRV 1.60][msrv-1.60] |

Please see the [OWASP Password Storage Cheat Sheet] for assistance in selecting an appropriate algorithm for your use case.

## Usage

The following code example shows how to verify a password when stored using one

of many possible password hashing algorithms implemented in this repository.

```rust

use password_hash::{PasswordHash, PasswordVerifier};

use argon2::Argon2;

use pbkdf2::Pbkdf2;

use scrypt::Scrypt;

// Can be: `$argon2`, `$pbkdf2`, or `$scrypt`

let hash_string = "$argon2i$v=19$m=65536,t=1,p=1$c29tZXNhbHQAAAAAAAAAAA$+r0d29hqEB0yasKr55ZgICsQGSkl0v0kgwhd+U3wyRo";

let input_password = "password";

let password_hash = PasswordHash::new(&hash_string).expect("invalid password hash");

// Trait objects for algorithms to support

let algs: &[&dyn PasswordVerifier] = &[&Argon2::default(), &Pbkdf2, &Scrypt];

password_hash.verify_password(algs, input_password).expect("invalid password");

```

## Minimum Supported Rust Version (MSRV) Policy

MSRV bumps are considered breaking changes and will be performed only with minor version bump.

## License

All crates licensed under either of

 * [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0)

 * [MIT license](http://opensource.org/licenses/MIT)

at your option.

### Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

[//]: # (badges)

[chat-image]: https://img.shields.io/badge/zulip-join_chat-blue.svg

[chat-link]: https://rustcrypto.zulipchat.com/#narrow/stream/260046-password-hashes

[license-image]: https://img.shields.io/badge/license-Apache2.0/MIT-blue.svg

[deps-image]: https://deps.rs/repo/github/RustCrypto/password-hashes/status.svg

[deps-link]: https://deps.rs/repo/github/RustCrypto/password-hashes

[msrv-1.60]: https://img.shields.io/badge/rustc-1.60.0+-blue.svg

[msrv-1.65]: https://img.shields.io/badge/rustc-1.65.0+-blue.svg

[//]: # (crates)

[`argon2`]: ./argon2

[`balloon‑hash`]: ./balloon-hash

[`bcrypt‑pbkdf`]: ./bcrypt-pbkdf

[`pbkdf2`]: ./pbkdf2

[`scrypt`]: ./scrypt

[`sha‑crypt`]: ./sha-crypt

[//]: # (general links)

[Argon2]: https://en.wikipedia.org/wiki/Argon2

[Balloon]: https://en.wikipedia.org/wiki/Balloon_hashing

[bcrypt‑pbkdf]: https://flak.tedunangst.com/post/bcrypt-pbkdf

[PBKDF2]: https://en.wikipedia.org/wiki/PBKDF2

[scrypt]: https://en.wikipedia.org/wiki/Scrypt

[SHA-crypt]: https://www.akkadia.org/drepper/SHA-crypt.txt

[OWASP Password Storage Cheat Sheet]: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html