Module dryoc::classic::crypto_pwhash
Password hashing

Implements libsodium’s crypto_pwhash_* functions. This implementation currently only supports Argon2i and Argon2id algorithms, and does not support scrypt.

To use the string-based functions, the base64 crate feature must be enabled.

For details, refer to libsodium docs.

Classic API example, key derivation
```rust
use base64::{Engine as _, engine::general_purpose};
use dryoc::classic::crypto_pwhash::*;
use dryoc::rng::copy_randombytes;
use dryoc::constants::{CRYPTO_SECRETBOX_KEYBYTES, CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
    CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE, CRYPTO_PWHASH_SALTBYTES};

let mut key = [0u8; CRYPTO_SECRETBOX_KEYBYTES];

// Randomly generate a salt
let mut salt = [0u8; CRYPTO_PWHASH_SALTBYTES];
copy_randombytes(&mut salt);

// Create a really good password
let password = b"It is by riding a bicycle that you learn the contours of a country best, since you have to sweat up the hills and coast down them.";

crypto_pwhash(
    &mut key,
    password,
    &salt,
    CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
    CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE,
    PasswordHashAlgorithm::Argon2id13,
)
.expect("pwhash failed");

// now `key` can be used as a secret key
println!("key = {}", general_purpose::STANDARD_NO_PAD.encode(&key));
```

Enums

PasswordHashAlgorithm: Password hash algorithm implementations.

Functions

crypto_pwhash: Hashes password with salt, placing the resulting hash into output.

crypto_pwhash_str (base64): Wrapper for crypto_pwhash that returns a string encoding of a hashed password with a random salt, suitable for use with password hash storage (i.e., in a database). Can be used to verify a password using crypto_pwhash_str_verify.

crypto_pwhash_str_needs_rehash: Checks if the parameters for hashed_password match those passed to the function. Returns false if the parameters match, and true if the parameters are mismatched (requiring a rehash).

crypto_pwhash_str_verify (base64): Verifies that hashed_password is valid for password, assuming the hashed password was encoded using crypto_pwhash_str.
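
The parameter comparison described for the rehash check above, as an added std-only Rust sketch; it is not dryoc's code and does not call the crate. It assumes stored strings use libsodium's Argon2 layout `$argon2id$v=19$m=<KiB>,t=<ops>,p=<lanes>$<salt>$<hash>`; `parse_costs`, `needs_rehash` and the sample string are hypothetical names and constructed data.

```rust
// Added illustration, not dryoc's implementation. Assumed stored-string layout:
//   $argon2id$v=19$m=<KiB>,t=<ops>,p=<lanes>$<salt>$<hash>

/// Returns (ops, mem_kib) from an encoded hash, or None if it is malformed.
fn parse_costs(encoded: &str) -> Option<(u64, u64)> {
    let mut f = encoded.split('$');
    if !f.next()?.is_empty() { return None; } // must start with '$'
    let alg = f.next()?;
    if alg != "argon2i" && alg != "argon2id" { return None; }
    f.next()?.strip_prefix("v=")?.parse::<u32>().ok()?; // version must be numeric
    let (mut m, mut t, mut p) = (None, None, None);
    for kv in f.next()?.split(',') {
        let (k, v) = kv.split_once('=')?;
        match k {
            "m" => m = v.parse::<u64>().ok(),
            "t" => t = v.parse::<u64>().ok(),
            "p" => p = v.parse::<u32>().ok(),
            _ => return None,
        }
    }
    p?; // lanes must be present, but is not part of the comparison
    let (salt, hash) = (f.next()?, f.next()?);
    if salt.is_empty() || hash.is_empty() || f.next().is_some() { return None; }
    Some((t?, m?))
}

/// Ok(false): stored costs match the policy. Ok(true): mismatch, rehash needed.
/// `memlimit` is in bytes, as in libsodium; the string stores KiB.
fn needs_rehash(encoded: &str, opslimit: u64, memlimit: u64) -> Result<bool, &'static str> {
    let (ops, mem_kib) = parse_costs(encoded).ok_or("malformed hash string")?;
    Ok(ops != opslimit || mem_kib != memlimit / 1024)
}

// Constructed sample: the salt and hash fields are placeholders, not a real hash.
const STORED: &str = "$argon2id$v=19$m=65536,t=2,p=1$Y29uc3RydWN0ZWRzYWx0$Y29uc3RydWN0ZWRoYXNo";

fn main() {
    // Same policy as stored (2 ops, 64 MiB), then a raised policy (3 ops, 256 MiB).
    println!("{:?}", needs_rehash(STORED, 2, 64 * 1024 * 1024));
    println!("{:?}", needs_rehash(STORED, 3, 256 * 1024 * 1024));
    // A non-Argon2 string is an error, not "no rehash needed".
    println!("{:?}", needs_rehash("$2b$12$constructed", 2, 64 * 1024 * 1024));
}
```

Run such a check only after a successful verification, when the plaintext password is available to be hashed again with the current limits.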