Collection of password hashing algorithms, otherwise known as password-based key derivation functions, written in pure Rust.
| Algorithm | Crate | Crates.io | Documentation | MSRV |
|---|---|---|---|---|
| Argon2 | argon2 |  |  |  |
| Balloon | balloon‑hash |  |  | |
| bcrypt‑pbkdf | bcrypt‑pbkdf |  |  | |
| PBKDF2 | pbkdf2 |  |  | |
| scrypt | scrypt |  |  | |
| SHA-crypt | sha‑crypt |  |  | |
Please see the OWASP Password Storage Cheat Sheet for assistance in selecting an appropriate algorithm for your use case.
The following code example shows how to verify a password when stored using one of many possible password hashing algorithms implemented in this repository.
# fnmain() -> Result<(),Box<dyn core::error::Error>>{use password_hash::{phc,PasswordVerifier};use argon2::Argon2;use pbkdf2::Pbkdf2;use scrypt::Scrypt;// Can be: `$argon2`, `$pbkdf2`, or `$scrypt`let hash_string = "$argon2i$v=19$m=65536,t=1,p=1$c29tZXNhbHQAAAAAAAAAAA$+r0d29hqEB0yasKr55ZgICsQGSkl0v0kgwhd+U3wyRo";let input_password = "password";let password_hash = phc::PasswordHash::new(&hash_string)?;// Trait objects for algorithms to supportlet algs:&[&dynPasswordVerifier<phc::PasswordHash>] = &[&Argon2::default(),&Pbkdf2::default(),&Scrypt::default()];for alg in algs {if alg.verify_password(input_password.as_ref(),&password_hash).is_ok(){returnOk(());}}// If we get here, the password is invalid # Err(Box::new(password_hash::Error::PasswordInvalid)) # }MSRV bumps are considered breaking changes and will be performed only with minor version bump.
All crates licensed under either of
at your option.
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.
![@dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=64&v=4){kind=small}
