#bcrypt #password #web #hash

bcrypt

Easily hash and verify passwords using bcrypt

17 unstable releases (5 breaking)

✓ Uses Rust 2018 edition

new 0.6.3 Mar 26, 2020
0.6.1 Oct 26, 2019
0.5.0 Jun 29, 2019
0.3.0 Jan 23, 2019
0.1.0 Dec 24, 2015

#19 in Cryptography

Download history 1615/week @ 2019-12-10 1995/week @ 2019-12-17 1151/week @ 2019-12-24 1169/week @ 2019-12-31 1894/week @ 2020-01-07 2133/week @ 2020-01-14 2028/week @ 2020-01-21 1783/week @ 2020-01-28 1666/week @ 2020-02-04 1534/week @ 2020-02-11 1849/week @ 2020-02-18 1984/week @ 2020-02-25 1639/week @ 2020-03-03 1478/week @ 2020-03-10 1909/week @ 2020-03-17 1945/week @ 2020-03-24

7,537 downloads per month
Used in 30 crates (21 directly)

MIT license

25KB
557 lines

bcrypt

Build Status Documentation

Installation

Add the following to Cargo.toml:

bcrypt = "0.6"

The minimum Rust version is 1.34.0

Usage

The crate makes 3 things public: DEFAULT_COST, hash, verify.

extern crate bcrypt;

use bcrypt::{DEFAULT_COST, hash, verify};

let hashed = hash("hunter2", DEFAULT_COST)?;
let valid = verify("hunter2", &hashed)?;

The cost needs to be an integer between 4 and 31 (see benchmarks to have an idea of the speed for each), the DEFAULT_COST is 12.

Benchmarks

Speed depends on the cost used: the highest the slowest. Here are some benchmarks on my 4 years old laptop to give you some ideas on the cost/speed ratio. Note that I don't go above 14 as it takes too long.

test bench_cost_4       ... bench:   1,197,414 ns/iter (+/- 112,856)
test bench_cost_10      ... bench:  73,629,975 ns/iter (+/- 4,439,106)
test bench_cost_default ... bench: 319,749,671 ns/iter (+/- 29,216,326)
test bench_cost_14      ... bench: 1,185,802,788 ns/iter (+/- 37,571,986)

Acknowledgments

This gist for the hash splitting and the null termination.

Changelog

  • 0.6.3: add hash_with_salt function and make Version::format_for_version public
  • 0.6.2: update base64 to 0.12
  • 0.6.1: update base64 to 0.11
  • 0.6.0: allow users to choose the bcrypt version and default to 2b instead of 2y
  • 0.5.0: expose the inner bcrypt function + edition 2018
  • 0.4.0: make DEFAULT_COST const instead of static
  • 0.3.0: forbid NULL bytes in passwords & update dependencies
  • 0.2.2: update rand
  • 0.2.1: update rand
  • 0.2.0: replace rust-crypto with blowfish, use some more modern Rust things like ? and handle more errors
  • 0.1.6: update rand and base64 deps
  • 0.1.5: update lazy-static to 1.0
  • 0.1.4: Replace rustc-serialize dependency with bcrypt
  • 0.1.3: Fix panic when password > 72 chars
  • 0.1.1: make BcryptResult, BcryptError public and update dependencies
  • 0.1.0: initial release

Dependencies

~1MB
~17K SLoC