Expand description
RustCrypto: Argon2
Pure Rust implementation of the Argon2 password hashing function.
About
Argon2 is a memory-hard key derivation function chosen as the winner of the Password Hashing Competition in July 2015.
It implements the following three algorithmic variants:
- Argon2d: maximizes resistance to GPU cracking attacks
- Argon2i: optimized to resist side-channel attacks
- Argon2id: (default) hybrid version combining both Argon2i and Argon2d
Support is provided for embedded (i.e. no_std
) environments, including
ones without alloc
support.
Minimum Supported Rust Version
Rust 1.65 or higher.
Minimum supported Rust version can be changed in the future, but it will be done with a minor version bump.
SemVer Policy
- All on-by-default features of this library are covered by SemVer
- MSRV is considered exempt from SemVer as noted above
License
Licensed under either of:
at your option.
Contribution
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.
Usage
Password Hashing
This API hashes a password to a “PHC string” suitable for the purposes of password-based authentication. Do not use this API to derive cryptographic keys: see the “key derivation” usage example below.
use argon2::{
password_hash::{
rand_core::OsRng,
PasswordHash, PasswordHasher, PasswordVerifier, SaltString
},
Argon2
};
let password = b"hunter42"; // Bad password; don't actually use!
let salt = SaltString::generate(&mut OsRng);
// Argon2 with default params (Argon2id v19)
let argon2 = Argon2::default();
// Hash password to PHC string ($argon2id$v=19$...)
let password_hash = argon2.hash_password(password, &salt)?.to_string();
// Verify password against PHC string.
//
// NOTE: hash params from `parsed_hash` are used instead of what is configured in the
// `Argon2` instance.
let parsed_hash = PasswordHash::new(&password_hash)?;
assert!(Argon2::default().verify_password(password, &parsed_hash).is_ok());
Key Derivation
This API is useful for transforming a password into cryptographic keys for e.g. password-based encryption.
use argon2::Argon2;
let password = b"hunter42"; // Bad password; don't actually use!
let salt = b"example salt"; // Salt should be unique per password
let mut output_key_material = [0u8; 32]; // Can be any desired size
Argon2::default().hash_password_into(password, salt, &mut output_key_material)?;
Re-exports
pub use password_hash;
password-hash
Structs
- Argon2 context.
- Associated data
- Structure for the (1 KiB) memory block implemented as 128 64-bit words.
- Key identifier
- Argon2 password hash parameters.
- Builder for Argon2
Params
. - PasswordHash
password-hash
Password hash.
Enums
- Argon2 primitive type: variants of the algorithm.
- Error type.
- Version of the algorithm.
Constants
- ARGON2D_IDENT
password-hash
Argon2d algorithm identifier - ARGON2ID_IDENT
password-hash
Argon2id algorithm identifier - ARGON2I_IDENT
password-hash
Argon2i algorithm identifier - Maximum password length in bytes.
- Maximum salt length in bytes.
- Maximum secret key length in bytes.
- Minimum salt length in bytes.
- Recommended salt length for password hashing in bytes.
Traits
- PasswordHasher
password-hash
Trait for password hashing functions. - PasswordVerifier
password-hash
Trait for password verification.
Type Aliases
- Result with argon2’s
Error
type.