[−][src]Struct password_hash::Output
Output from password hashing functions, i.e. the "hash" or "digest" as raw bytes.
The Output
type implements the RECOMMENDED best practices described in
the PHC string format specification, namely:
The hash output, for a verification, must be long enough to make preimage attacks at least as hard as password guessing. To promote wide acceptance, a default output size of 256 bits (32 bytes, encoded as 43 characters) is recommended. Function implementations SHOULD NOT allow outputs of less than 80 bits to be used for password verification.
Recommended length
Per the description above, the recommended default length for an Output
of a password hashing function is 32-bytes (256-bits).
Constraints
The above guidelines are interpreted into the following constraints:
- Minimum length: 10-bytes (80-bits)
- Maximum length: 64-bytes (512-bits)
The specific recommendation of a 64-byte maximum length is taken as a best practice from the hash output guidelines for Argon2 Encoding given in the same document:
The hash output...length shall be between 12 and 64 bytes (16 and 86 characters, respectively). The default output length is 32 bytes (43 characters).
Based on this guidance, this type enforces an upper bound of 64-bytes as a reasonable maximum, and recommends using 32-bytes.
Constant-time comparisons
The PartialEq
and Eq
trait impls for Output
provide a
non-short-circuiting equality comparison.
There are few cases where this may actually helpful from a practical
perspective, namely cases where salts are predictable by an attacker.
Due to the limited degree in which such comparisons may be helpful,
this crate does not loop in additional dependencies for
constant-time comparisons (e.g. subtle
).
The extent to which constant-time comparisons of password hashes is actually helpful in practical contexts topic of considerable debate. This library has elected to use a non-short-circuiting comparison as a safer ("belt-and-suspenders") default, and also to head off any potential debates around the issue.
Implementations
impl Output
[src]
pub const fn min_len() -> usize
[src]
Minimum length of Output
string: 10-bytes.
See type-level documentation about Output
for more information.
pub const fn max_len() -> usize
[src]
Maximum length of Output
string: 64-bytes.
See type-level documentation about Output
for more information.
pub const fn b64_max_len() -> usize
[src]
pub fn new(input: &[u8]) -> Result<Self, OutputError>
[src]
Create a Output
from the given byte slice, validating it according
to Output::min_len
and Output::max_len
length restrictions.
pub fn init_with<F>(output_size: usize, f: F) -> Result<Self, OutputError> where
F: FnOnce(&mut [u8]) -> Result<(), OutputError>,
[src]
F: FnOnce(&mut [u8]) -> Result<(), OutputError>,
Initialize an Output
using the provided method, which is given
a mutable byte slice into which it should write the output.
The output_size
(in bytes) must be known in advance, as well as at
least Output::min_len
bytes and at most Output::max_len
bytes.
pub fn as_bytes(&self) -> &[u8]
[src]
Borrow the output value as a byte slice.
pub fn len(&self) -> usize
[src]
Get the length of the output value as a byte slice.
pub fn b64_decode(input: &str) -> Result<Self, OutputError>
[src]
Parse b64
-encoded Output
, i.e. using the PHC string
specification's restricted interpretation of Base64.
pub fn b64_encode<'a>(&self, out: &'a mut [u8]) -> Result<&'a str, OutputError>
[src]
Write b64
-encoded Output
to the provided buffer, returning
a sub-slice containing the encoded data.
Returns an error if the buffer is too short to contain the output.
pub fn b64_len(&self) -> usize
[src]
Trait Implementations
impl AsRef<[u8]> for Output
[src]
impl Clone for Output
[src]
fn clone(&self) -> Output
[src]
pub fn clone_from(&mut self, source: &Self)
1.0.0[src]
impl Copy for Output
[src]
impl Debug for Output
[src]
impl Display for Output
[src]
impl Eq for Output
[src]
impl FromStr for Output
[src]
type Err = OutputError
The associated error which can be returned from parsing.
fn from_str(s: &str) -> Result<Self, OutputError>
[src]
impl PartialEq<Output> for Output
[src]
impl StructuralEq for Output
[src]
impl TryFrom<&'_ [u8]> for Output
[src]
type Error = OutputError
The type returned in the event of a conversion error.
fn try_from(input: &[u8]) -> Result<Output, OutputError>
[src]
Auto Trait Implementations
Blanket Implementations
impl<T> Any for T where
T: 'static + ?Sized,
[src]
T: 'static + ?Sized,
impl<T> Borrow<T> for T where
T: ?Sized,
[src]
T: ?Sized,
impl<T> BorrowMut<T> for T where
T: ?Sized,
[src]
T: ?Sized,
pub fn borrow_mut(&mut self) -> &mut T
[src]
impl<T> From<T> for T
[src]
impl<T, U> Into<U> for T where
U: From<T>,
[src]
U: From<T>,
impl<T, U> TryFrom<U> for T where
U: Into<T>,
[src]
U: Into<T>,
type Error = Infallible
The type returned in the event of a conversion error.
pub fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>
[src]
impl<T, U> TryInto<U> for T where
U: TryFrom<T>,
[src]
U: TryFrom<T>,