Function orion::pwhash::hash_password_verify

source ·

pub fn hash_password_verify(
    expected: &PasswordHash,
    password: &Password
) -> Result<(), UnknownCryptoError>

Available on crate feature safe_api only.

Expand description

Hash and verify a password using Argon2i. The Argon2i parameters iterations and memory will be pulled from the expected: &PasswordHash argument. If you want to manually specify the iterations and memory for Argon2i to use in hashing the password argument, see the hazardous::kdf module.

Example:

use orion::pwhash;

let password = pwhash::Password::from_slice(b"Secret password")?;
let wrong_password = pwhash::Password::from_slice(b"hunter2")?;

// Pretend these are stored somewhere and out-of-mind, e.g. in a database.
let hash1 = pwhash::hash_password(&password, 3, 1<<15)?;
let hash2 = pwhash::hash_password(&password, 4, 2<<15)?;

// We don't have to remember which password used what parameters when it's
// time to verify them. Both will correctly return `Ok(())`.
assert!(pwhash::hash_password_verify(&hash1, &password).is_ok());
assert!(pwhash::hash_password_verify(&hash2, &password).is_ok());

// The only way to get a failing result is to use the wrong password.
assert!(pwhash::hash_password_verify(&hash1, &wrong_password).is_err());