Module pwhash::sha1_crypt

HMAC-SHA1 based hash.

This algorithm was developed for NetBSD. It's a modern algorithm with a large salt and a variable number of rounds. Although the SHA-1 hash, on which it's based, is considered insecure and is being phased out in the PKI environment, its use in an HMAC setup, as is the case here, is still acceptable.

Example

use pwhash::sha1_crypt;

assert_eq!(sha1_crypt::hash_with(
    "$sha1$19703$iVdJqfSE$v4qYKl1zqYThwpjJAoKX6UvlHq/a",
    "password").unwrap(),
    "$sha1$19703$iVdJqfSE$v4qYKl1zqYThwpjJAoKX6UvlHq/a");

Parameters

  • Password length: unlimited.

  • Salt length: 0 to 64 characters. Default is 8.

  • Rounds: 1 to 2^32-1. Default is 24680, which is slightly varied if chosen.

Hash Format

The format of the hash is $sha1${rounds}${salt}${checksum}, where:

  • {rounds} is the number of rounds, encoded as a decimal number without leading zeroes.

  • {salt} is the salt string.

  • {checksum} is a 28-character Base64 encoding of the checksum.
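
The format rules above can be enforced before a stored string is ever handed to a verifier. The following is an added example, not code from the pwhash crate: a standard-library-only strict parser that applies the documented limits (rounds, salt length, checksum length). The names Sha1CryptHash, ParseError and parse are hypothetical, and the checksum alphabet "./0-9A-Za-z" is an assumption, since the page only says "Base64".

```rust
// Added example: strict parser for the $sha1$ format, std only (no pwhash calls).
#[derive(Debug, PartialEq)]
pub struct Sha1CryptHash<'a> {
    pub rounds: u32,
    pub salt: &'a str,
    pub checksum: &'a str,
}

#[derive(Debug, PartialEq)]
pub enum ParseError { BadPrefix, BadFieldCount, BadRounds, BadSalt, BadChecksum }

// Assumption: the checksum uses the crypt(3)-style alphabet "./0-9A-Za-z".
fn is_crypt_b64(c: char) -> bool {
    c == '.' || c == '/' || c.is_ascii_alphanumeric()
}

pub fn parse(hash: &str) -> Result<Sha1CryptHash<'_>, ParseError> {
    let rest = hash.strip_prefix("$sha1$").ok_or(ParseError::BadPrefix)?;
    let fields: Vec<&str> = rest.split('$').collect();
    let (rounds, salt, checksum) = match fields.as_slice() {
        [r, s, c] => (*r, *s, *c),
        _ => return Err(ParseError::BadFieldCount),
    };
    // Rounds: decimal digits only, no leading zeroes, so "0" and "019703" are rejected.
    if rounds.is_empty() || rounds.starts_with('0') || !rounds.bytes().all(|b| b.is_ascii_digit()) {
        return Err(ParseError::BadRounds);
    }
    // Parsing into u32 enforces the documented upper bound of 2^32-1.
    let rounds = rounds.parse::<u32>().map_err(|_| ParseError::BadRounds)?;
    // Salt: 0 to 64 characters; an empty salt is valid per the documented range.
    if salt.chars().count() > 64 {
        return Err(ParseError::BadSalt);
    }
    // Checksum: exactly 28 characters from the assumed alphabet.
    if checksum.len() != 28 || !checksum.chars().all(is_crypt_b64) {
        return Err(ParseError::BadChecksum);
    }
    Ok(Sha1CryptHash { rounds, salt, checksum })
}

fn main() {
    // Hash string taken from the page's own example.
    let h = parse("$sha1$19703$iVdJqfSE$v4qYKl1zqYThwpjJAoKX6UvlHq/a").unwrap();
    println!("rounds={} salt={} checksum={}", h.rounds, h.salt, h.checksum);
}
```

Rejecting malformed strings up front also makes it easy to flag stored hashes whose round count is far below the documented default of 24680.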

Constants

DEFAULT_ROUNDS

Default number of rounds.

DEFAULT_SALT_LEN

Default salt length.

Functions

hash

Hash a password with a randomly generated salt and the default number of rounds (varied by a small amount, like on NetBSD).

hash_with

Hash a password with user-provided parameters.

verify

Verify that the hash corresponds to a password.