[−][src]Module pwhash::bcrypt
Standard *BSD hash.
Bcrypt is a hashing algorithm based on the Blowfish stream cipher, originally developed for OpenBSD and since adopted on other BSD variants and other systems. It has a large salt, variable number of rounds, and no known weaknesses.
Examples
To hash a password with a randomly generated salt, default cost, and default output variant (2b):
use pwhash::bcrypt; let hash = bcrypt::hash("password").unwrap();
To use a different variant (2y), while letting the program pick the salt and use the default cost:
use pwhash::bcrypt::{self, BcryptSetup, BcryptVariant}; let hash = bcrypt::hash_with(BcryptSetup { variant: Some(BcryptVariant::V2y), ..Default::default() }, "password").unwrap();
Parameters
-
Password length: up to 72 characters. Longer passwords are truncated to the maximum length.
-
Salt length: 16 random bytes, encoded as 22 Base64 characters.
-
Cost: logarithmic value between 4 and 31, inclusive. Increasing the value by 1 doubles the amount of work. The default is 8.
Hash Format
The format of the hash is
$
{variant}
$
{cost}
$
{salt}{checksum}
, where:
-
{variant}
is one of 2a, 2b, or 2y. The default is 2b. The actual computation is the same for all three variants; the choice exists in order to retain compatibility with other software. SeeBcryptVariant
for details. -
{cost}
is a two-digit decimal cost value between 4 and 31. Values below 10 have a leading zero. -
{salt}
is a 22-character Base64 encoding of the 16 bytes of salt. The salt must be exactly this long. -
{checksum}
is a 31-character Base64 encoding of the computed hash.
Structs
BcryptSetup | Setup struct for bcrypt. |
Enums
BcryptVariant | Identifiers of algorithm variants which can be produced. |
Constants
DEFAULT_COST | Default cost. |
MAX_COST | Maximum cost. |
MIN_COST | Minimum cost. |
Traits
IntoBcryptSetup | A trait for converting a type into a |
Functions
hash | Hash a password with a randomly generated salt, default cost, and default variant. |
hash_with | Hash a password with user-provided parameters. |
verify | Verify that the hash corresponds to a password. |