Crate yescrypt

Crate yescrypt 

Source
Expand description

§RustCrypto: yescrypt

crate Docs Build Status Apache2/MIT licensed Rust Version Project Chat

Pure Rust implementation of the yescrypt password-based key derivation function.

§About

yescrypt is a variant of the scrypt password-based key derivation function and finalist in the Password Hashing Competition. It has been adopted by several Linux distributions for the system password hashing function, including Fedora, Debian, Ubuntu, and Arch.

The algorithm is described in yescrypt - a Password Hashing Competition submission.

§⚠️ Security Warning

The implementation contained in this crate has never been independently audited!

USE AT YOUR OWN RISK!

Note that this crate is in an early stage of implementation and may contain bugs or features which do not work correctly.

§Minimum Supported Rust Version (MSRV) Policy

MSRV increases are not considered breaking changes and can happen in patch releases.

The crate MSRV accounts for all supported targets and crate feature combinations, excluding explicitly unstable features.

§License

Licensed under either of:

at your option.

§Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

§Usage

§Password Hashing

NOTE: the simple crate feature must be enabled (on-by-default)

let password = b"pleaseletmein"; // don't actually use this as a password!
let salt = b"WZaPV7LSUEKMo34."; // unique per password, ideally 16-bytes and random
let params = yescrypt::Params::default(); // use recommended settings
let password_hash = yescrypt::yescrypt(password, salt, &params)?;
assert!(password_hash.starts_with("$y$"));

// verify password is correct for the given hash
yescrypt::yescrypt_verify(password, &password_hash)?;

§Key Derivation Function (KDF)

let password = b"pleaseletmein"; // don't actually use this as a password!
let salt = b"WZaPV7LSUEKMo34."; // unique per password, ideally 16-bytes and random
let params = yescrypt::Params::default(); // use recommended settings

let mut output = [0u8; 32]; // can be sized as desired
yescrypt::yescrypt_kdf(password, salt, &params, &mut output)?;

Structs§

Params
yescrypt algorithm parameters.

Enums§

Error
Error type.
Mode
yescrypt modes: various ways yescrypt can operate.

Functions§

yescryptsimple
yescrypt password hashing function.
yescrypt_kdf
yescrypt Key Derivation Function (KDF)
yescrypt_verifysimple
Verify a password matches the given yescrypt password hash.

Type Aliases§

Result
Result type for the yescrypt crate with its Error type.