• Stars
    star
    335
  • Rank 125,904 (Top 3 %)
  • Language
    Rust
  • License
    MIT License
  • Created almost 9 years ago
  • Updated 5 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Easily hash and verify passwords using Bcrypt

bcrypt

Safety Dance Build Status Documentation

Installation

Add the following to Cargo.toml:

bcrypt = "0.14"

The minimum Rust version is 1.57.0.

Usage

The crate makes 3 things public: DEFAULT_COST, hash, verify.

extern crate bcrypt;

use bcrypt::{DEFAULT_COST, hash, verify};

let hashed = hash("hunter2", DEFAULT_COST)?;
let valid = verify("hunter2", &hashed)?;

The cost needs to be an integer between 4 and 31 (see benchmarks to have an idea of the speed for each), the DEFAULT_COST is 12.

Benchmarks

Speed depends on the cost used: the highest the slowest. Here are some benchmarks on a 2019 Macbook Pro to give you some ideas on the cost/speed ratio. Note that I don't go above 14 as it takes too long.

test bench_cost_10      ... bench:  51,474,665 ns/iter (+/- 16,006,581)
test bench_cost_14      ... bench: 839,109,086 ns/iter (+/- 274,507,463)
test bench_cost_4       ... bench:     795,814 ns/iter (+/- 42,838)
test bench_cost_default ... bench: 195,344,338 ns/iter (+/- 8,329,675)

Acknowledgments

This gist for the hash splitting and the null termination.

Recommendations

While bcrypt works well as an algorithm, using something like Argon2 is recommended for new projects.

Changelog

  • 0.14.0: use subtle crate for constant time comparison, update base64 and bump to 2021 edition
  • 0.13.0: make zeroize dep opt-out and use fixed salt length
  • 0.12.1: zero vec containing password in the hashing function before returning the hash
  • 0.12.0: allow null bytes in password
  • 0.11.0: update deps causing big bump in MSRV
  • 0.10.1: fix panic with invalid hashes and allow 2x
  • 0.10.0: update blowfish to 0.8 and minimum Rust version to 1.43.0.
  • 0.9.0: update base64 to 0.13 and getrandom to 0.2
  • 0.8.2: fix no-std build
  • 0.8.0: constant time verification for hash, remove custom base64 code from repo and add std feature
  • 0.7.0: add HashParts::from_str and remove Error::description impl, it's deprecated
  • 0.6.3: add hash_with_salt function and make Version::format_for_version public
  • 0.6.2: update base64 to 0.12
  • 0.6.1: update base64 to 0.11
  • 0.6.0: allow users to choose the bcrypt version and default to 2b instead of 2y
  • 0.5.0: expose the inner bcrypt function + edition 2018
  • 0.4.0: make DEFAULT_COST const instead of static
  • 0.3.0: forbid NULL bytes in passwords & update dependencies
  • 0.2.2: update rand
  • 0.2.1: update rand
  • 0.2.0: replace rust-crypto with blowfish, use some more modern Rust things like ? and handle more errors
  • 0.1.6: update rand and base64 deps
  • 0.1.5: update lazy-static to 1.0
  • 0.1.4: Replace rustc-serialize dependency with bcrypt
  • 0.1.3: Fix panic when password > 72 chars
  • 0.1.1: make BcryptResult, BcryptError public and update dependencies
  • 0.1.0: initial release

More Repositories

1

tera

A template engine for Rust based on Jinja2/Django
Rust
3,512
star
2

validator

Simple validation for Rust structs
Rust
2,024
star
3

jsonwebtoken

JWT lib in rust
Rust
1,681
star
4

kickstart

A scaffolding tool to get new projects up and running quickly
Rust
363
star
5

dbmigrate

PostgreSQL/SQLite/MySQL migration tool in rust
Rust
129
star
6

rodent

Turn your laptop into a CCTV!
Python
71
star
7

scl

A simple configuration language
Rust
63
star
8

ng-boilerplate

AngularJS boilerplate app
CSS
60
star
9

webrust

Rust
51
star
10

rust-cli-template

A template to get started with writing cross-platforms CLI applications
Shell
51
star
11

tera2

Rust
39
star
12

react-ts-boilerplate

A React + Typescript + Sass boilerplate
TypeScript
33
star
13

django-drf-template

A django template to start a DRF project
Python
28
star
14

graphql-parser

Rust
20
star
15

vincentprouillet

My website
HTML
15
star
16

flow-typescript

JavaScript
9
star
17

invoicer

TypeScript
8
star
18

vat

VAT number validation and VAT rates for the EU
Rust
7
star
19

playbook-mailinabox

Shell
6
star
20

gulp-example

Example setup for blogpost
CoffeeScript
6
star
21

hn-react

TypeScript
5
star
22

pelican-hyde

Port of https://github.com/poole/hyde to Pelican with slight changes
CSS
4
star
23

react-example

Basic example using react, redux and react-router.
JavaScript
3
star
24

Artemis

Entity-Components-Systems framework in coffeescript
JavaScript
3
star
25

react-redux-boilerplate

JavaScript
2
star
26

papyrus

Start of a contenteditable editor (not worked on)
JavaScript
1
star
27

kcalculator-react

TypeScript
1
star
28

markdown-benches-rs

Rust
1
star
29

dotfiles

Shell
1
star
30

serde-tera

Experiment
Rust
1
star
31

Punchstone

Game engine written in coffeescript
JavaScript
1
star
32

hackertyper

Python
1
star
33

restacular-old

REST Server
Go
1
star
34

webpack-react-typescript

JavaScript
1
star