Rust library for hashing passwords using Argon2, the password-hashing function that won the Password Hashing Competition (PHC).
To use rust-argon2
, add the following to your Cargo.toml:
[dependencies]
rust-argon2 = "2.1"
And the following to your crate root:
extern crate argon2;
Create a password hash using the defaults and verify it:
use argon2::{self, Config};
let password = b"password";
let salt = b"randomsalt";
let config = Config::default();
let hash = argon2::hash_encoded(password, salt, &config).unwrap();
let matches = argon2::verify_encoded(&hash, password).unwrap();
assert!(matches);
Create a password hash with custom settings and verify it:
use argon2::{self, Config, Variant, Version};
let password = b"password";
let salt = b"othersalt";
let config = Config {
variant: Variant::Argon2i,
version: Version::Version13,
mem_cost: 65536,
time_cost: 10,
lanes: 4,
secret: &[],
ad: &[],
hash_length: 32
};
let hash = argon2::hash_encoded(password, salt, &config).unwrap();
let matches = argon2::verify_encoded(&hash, password).unwrap();
assert!(matches);
This crate has the same limitation as the blake2-rfc
crate that it uses.
It does not attempt to clear potentially sensitive data from its work
memory. To do so correctly without a heavy performance penalty would
require help from the compiler. It's better to not attempt to do so than to
present a false assurance.
This version uses the standard implementation and does not yet implement optimizations. Therefore, it is not the fastest implementation available.
Rust-argon2 is dual licensed under the MIT and Apache 2.0 licenses, the same licenses as the Rust compiler.
Contributions are welcome. By submitting a pull request you are agreeing to make you work available under the license terms of the Rust-argon2 project.