Module pwhash::bcrypt

Standard *BSD hash.

Bcrypt is a hashing algorithm based on the Blowfish stream cipher, originally developed for OpenBSD and since adopted on other BSD variants and other systems. It has a large salt, variable number of rounds, and no known weaknesses.

Examples

To hash a password with a randomly generated salt, default cost, and default output variant (2b):

use pwhash::bcrypt;

let hash = bcrypt::hash("password").unwrap();

To use a different variant (2y), while letting the program pick the salt and use the default cost:

use pwhash::bcrypt::{self, BcryptSetup, BcryptVariant};

let hash = bcrypt::hash_with(
    BcryptSetup {
        variant: Some(BcryptVariant::V2y),
        ..Default::default()
    },
    "password",
).unwrap();

Parameters

  • Password length: up to 72 characters. Longer passwords are truncated to the maximum length.

  • Salt length: 16 random bytes, encoded as 22 Base64 characters.

  • Cost: logarithmic value between 4 and 31, inclusive. Increasing the value by 1 doubles the amount of work. The default is 8.

Hash Format

The format of the hash is ${variant}${cost}${salt}{checksum}, where:

  • {variant} is one of 2a, 2b, or 2y. The default is 2b. The actual computation is the same for all three variants; the choice exists in order to retain compatibility with other software. See BcryptVariant for details.

  • {cost} is a two-digit decimal cost value between 4 and 31. Values below 10 have a leading zero.

  • {salt} is a 22-character Base64 encoding of the 16 bytes of salt. The salt must be exactly this long.

  • {checksum} is a 31-character Base64 encoding of the computed hash.
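As an added example (not part of pwhash or its documentation), the layout above can be checked with a std-only parser, for instance to audit stored hashes for malformed entries or a cost below local policy. `BcryptParts`, `parse_bcrypt` and `below_policy` are hypothetical names, and the sample hash is constructed.

```rust
// Added example: std-only parser for the hash layout described above.
// All names here are hypothetical and are not part of the pwhash API.

#[derive(Debug, PartialEq)]
pub struct BcryptParts<'a> {
    pub variant: &'a str,
    pub cost: u32,
    pub salt: &'a str,     // 22 Base64 characters
    pub checksum: &'a str, // 31 Base64 characters
}

// bcrypt's Base64 alphabet consists of '.', '/', 'A'-'Z', 'a'-'z' and '0'-'9'.
fn is_b64(s: &str) -> bool {
    s.bytes().all(|b| b.is_ascii_alphanumeric() || b == b'.' || b == b'/')
}

pub fn parse_bcrypt(hash: &str) -> Result<BcryptParts<'_>, &'static str> {
    let mut fields = hash.split('$');
    if fields.next() != Some("") { return Err("must start with '$'"); }
    let variant = fields.next().ok_or("missing variant")?;
    let cost = fields.next().ok_or("missing cost")?;
    let tail = fields.next().ok_or("missing salt and checksum")?;
    if fields.next().is_some() { return Err("too many '$' fields"); }
    if !matches!(variant, "2a" | "2b" | "2y") { return Err("unknown variant"); }
    // Two digits exactly: values below 10 carry a leading zero.
    if cost.len() != 2 || !cost.bytes().all(|b| b.is_ascii_digit()) {
        return Err("cost must be two decimal digits");
    }
    let cost: u32 = cost.parse().map_err(|_| "bad cost")?;
    if !(4..=31).contains(&cost) { return Err("cost out of range 4..=31"); }
    // Salt (22) and checksum (31) are concatenated with no separator.
    if tail.len() != 53 || !is_b64(tail) { return Err("salt+checksum must be 53 Base64 chars"); }
    let (salt, checksum) = tail.split_at(22);
    Ok(BcryptParts { variant, cost, salt, checksum })
}

// True when a stored hash was produced with a cost lower than `min_cost`.
pub fn below_policy(hash: &str, min_cost: u32) -> Result<bool, &'static str> {
    Ok(parse_bcrypt(hash)?.cost < min_cost)
}

fn main() {
    // Constructed sample in the documented layout; not the hash of any real password.
    let sample = format!("$2b$08${}{}", "a".repeat(22), "B".repeat(31));
    println!("{:?}", parse_bcrypt(&sample));
    println!("below cost 12: {:?}", below_policy(&sample, 12));
}
```

A hash flagged by `below_policy` can be re-hashed at a higher cost the next time the user's password is verified successfully.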

Structs

BcryptSetup

Setup struct for bcrypt.

Enums

BcryptVariant

Identifiers of algorithm variants which can be produced.

Constants

DEFAULT_COST

Default cost.

MAX_COST

Maximum cost.

MIN_COST

Minimum cost.

Traits

IntoBcryptSetup

A trait for converting a type into a BcryptSetup struct.

Functions

hash

Hash a password with a randomly generated salt, default cost, and default variant.

hash_with

Hash a password with user-provided parameters.

verify

Verify that the hash corresponds to a password.