Module pwhash::bcrypt [−] [src]

Standard *BSD hash.

Bcrypt is a hashing algorithm based on the Blowfish stream cipher, originally developed for OpenBSD and since adopted on other BSD variants and other systems. It has a large salt, variable number of rounds, and no known weaknesses.

Examples

To hash a password with a randomly generated salt, default cost, and default output variant (2b):

use pwhash::bcrypt;

let hash = bcrypt::hash("password").unwrap();

To use a different variant (2y), while letting the program pick the salt and use the default cost:

use pwhash::bcrypt::{self, BcryptSetup, BcryptVariant};

let hash = bcrypt::hash_with(BcryptSetup {
               variant: Some(BcryptVariant::V2y),
               ..Default::default() },
           "password").unwrap();

Parameters

Password length: up to 72 characters. Longer passwords are truncated to the maximum length.
Salt length: 16 random bytes, encoded as 22 Base64 characters.
Cost: logarithmic value between 4 and 31, inclusive. Increasing the value by 1 doubles the amount of work. The default is 8.

Hash Format

The format of the hash is ${variant}${cost}${salt}{checksum}, where:

{variant} is one of 2a, 2b, or 2y. The default is 2b. The actual computation is the same for all three variants; the choice exists in order to retain compatibility with other software. See BcryptVariant for details.
{cost} is a two-digit decimal cost value between 4 and 31. Values below 10 have a leading zero.
{salt} is a 22-character Base64 encoding of the 16 bytes of salt. The salt must be exactly this long.
{checksum} is a 31-character Base64 encoding of the computed hash.

Structs

BcryptSetup

Setup struct for bcrypt.

Enums

BcryptVariant

Identifiers of algorithm variants which can be produced.

Constants

DEFAULT_COST	Default cost.
MAX_COST	Maximum cost.
MIN_COST	Minimum cost.

Traits

IntoBcryptSetup

A trait for converting a type into a BcryptSetup struct.

Functions

hash	Hash a password with a randomly generated salt, default cost, and default variant.
hash_with	Hash a password with user-provided parameters.
verify	Verify that the hash corresponds to a password.