#bcrypt #password #web #hash

bcrypt

Easily hash and verify passwords using bcrypt

12 unstable releases (3 breaking)

0.4.0 Apr 3, 2019
0.3.0 Jan 23, 2019
0.2.2 Jan 22, 2019
0.2.1 Oct 22, 2018
0.1.0 Dec 24, 2015

#41 in Cryptography

Download history 371/week @ 2018-12-20 431/week @ 2018-12-27 1055/week @ 2019-01-03 800/week @ 2019-01-10 780/week @ 2019-01-17 870/week @ 2019-01-24 778/week @ 2019-01-31 590/week @ 2019-02-07 891/week @ 2019-02-14 971/week @ 2019-02-21 927/week @ 2019-02-28 731/week @ 2019-03-07 901/week @ 2019-03-14 999/week @ 2019-03-21 882/week @ 2019-03-28

3,695 downloads per month
Used in 13 crates (9 directly)

MIT license

21KB
469 lines

bcrypt

Build Status Documentation

Installation

Add the following to Cargo.toml:

bcrypt = "0.4"

The minimum Rust version is 1.27.2

Usage

The crate makes 3 things public: DEFAULT_COST, hash, verify.

extern crate bcrypt;

use bcrypt::{DEFAULT_COST, hash, verify};

let hashed = hash("hunter2", DEFAULT_COST)?;
let valid = verify("hunter2", &hashed)?;

The cost needs to be an integer between 4 and 31 (see benchmarks to have an idea of the speed for each), the DEFAULT_COST is 12.

Benchmarks

Speed depends on the cost used: the highest the slowest. Here are some benchmarks on my 4 years old laptop to give you some ideas on the cost/speed ratio. Note that I don't go above 14 as it takes too long.

test bench_cost_4       ... bench:   1,197,414 ns/iter (+/- 112,856)
test bench_cost_10      ... bench:  73,629,975 ns/iter (+/- 4,439,106)
test bench_cost_default ... bench: 319,749,671 ns/iter (+/- 29,216,326)
test bench_cost_14      ... bench: 1,185,802,788 ns/iter (+/- 37,571,986)

Acknowledgments

This gist for the hash splitting and the null termination.

Changelog

  • 0.4.0: make DEFAULT_COST const instead of static
  • 0.3.0: forbid NULL bytes in passwords & update dependencies
  • 0.2.2: update rand
  • 0.2.1: update rand
  • 0.2.0: replace rust-crypto with blowfish, use some more modern Rust things like ? and handle more errors
  • 0.1.6: update rand and base64 deps
  • 0.1.5: update lazy-static to 1.0
  • 0.1.4: Replace rustc-serialize dependency with bcrypt
  • 0.1.3: Fix panic when password > 72 chars
  • 0.1.1: make BcryptResult, BcryptError public and update dependencies
  • 0.1.0: initial release

Dependencies

~1.5MB
~19K SLoC