Module dryoc::classic::crypto_pwhash
Password hashing

Implements libsodium’s crypto_pwhash_* functions. This implementation currently only supports Argon2i and Argon2id algorithms, and does not support scrypt.

To use the string-based functions, the base64 crate feature must be enabled.

For details, refer to libsodium docs.

Classic API example, key derivation

    use base64::{Engine as _, engine::general_purpose};
    use dryoc::classic::crypto_pwhash::*;
    use dryoc::rng::copy_randombytes;
    use dryoc::constants::{
        CRYPTO_SECRETBOX_KEYBYTES, CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
        CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE, CRYPTO_PWHASH_SALTBYTES,
    };

    let mut key = [0u8; CRYPTO_SECRETBOX_KEYBYTES];

    // Randomly generate a salt
    let mut salt = [0u8; CRYPTO_PWHASH_SALTBYTES];
    copy_randombytes(&mut salt);

    // Create a really good password
    let password = b"It is by riding a bicycle that you learn the contours of a country best, since you have to sweat up the hills and coast down them.";

    crypto_pwhash(
        &mut key,
        password,
        &salt,
        CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
        CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE,
        PasswordHashAlgorithm::Argon2id13,
    )
    .expect("pwhash failed");

    // now `key` can be used as a secret key
    println!("key = {}", general_purpose::STANDARD_NO_PAD.encode(&key));

Enums
- PasswordHashAlgorithm: Password hash algorithm implementations.

Functions
- crypto_pwhash: Hashes password with salt, placing the resulting hash into output.
- crypto_pwhash_str (base64 feature): Wrapper for crypto_pwhash that returns a string encoding of a hashed password with a random salt, suitable for use with password hash storage (i.e., in a database). Can be used to verify a password using crypto_pwhash_str_verify.
- Checks if the parameters for hashed_password match those passed to the function. Returns false if the parameters match, and true if the parameters are mismatched (requiring a rehash).
- crypto_pwhash_str_verify (base64 feature): Verifies that hashed_password is valid for password, assuming the hashed password was encoded using crypto_pwhash_str.
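
The parameter check described in the function list above (false on a match, true when a rehash is required), worked through as an added example that is not dryoc's own code. It assumes the libsodium-style Argon2 string layout shown in the first comment, with memory cost stored in KiB; SAMPLE, Costs, parse_costs and needs_rehash are hypothetical names.

```rust
// Added example. Assumed layout (libsodium-style Argon2 string):
//   $argon2id$v=19$m=<KiB>,t=<passes>,p=<lanes>$<salt>$<hash>

/// Constructed sample; the salt and hash fields are placeholders, not real output.
pub const SAMPLE: &str = "$argon2id$v=19$m=65536,t=2,p=1$c2FtcGxlc2FsdA$c2FtcGxlaGFzaA";

#[derive(Debug, PartialEq)]
pub struct Costs {
    pub m_kib: u64, // memory cost in KiB
    pub t: u64,     // number of passes
    pub p: u64,     // lanes
}

/// Extract the cost parameters; `None` means the string is malformed.
pub fn parse_costs(encoded: &str) -> Option<Costs> {
    let mut parts = encoded.split('$');
    if !parts.next()?.is_empty() {
        return None; // must begin with '$'
    }
    if !matches!(parts.next()?, "argon2i" | "argon2id") || parts.next()? != "v=19" {
        return None;
    }
    let (mut m, mut t, mut p) = (None, None, None);
    for kv in parts.next()?.split(',') {
        let (k, v) = kv.split_once('=')?;
        let v: u64 = v.parse().ok()?;
        match k {
            "m" => m = Some(v),
            "t" => t = Some(v),
            "p" => p = Some(v),
            _ => return None,
        }
    }
    let (salt, hash) = (parts.next()?, parts.next()?);
    if salt.is_empty() || hash.is_empty() || parts.next().is_some() {
        return None;
    }
    Some(Costs { m_kib: m?, t: t?, p: p? })
}

/// `Some(false)`: stored costs match the requested ones. `Some(true)`: mismatch, rehash.
pub fn needs_rehash(encoded: &str, opslimit: u64, memlimit_bytes: u64) -> Option<bool> {
    let c = parse_costs(encoded)?;
    Some(c.t != opslimit || c.m_kib != memlimit_bytes / 1024)
}

fn main() {
    println!("{:?}", needs_rehash(SAMPLE, 2, 64 * 1024 * 1024)); // same costs
    println!("{:?}", needs_rehash(SAMPLE, 3, 256 * 1024 * 1024)); // policy raised
}
```

A rehash can only happen at a successful login, when the plaintext password is available: verify first, then run the check and store a new hash if it reports a mismatch.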