logo
Expand description

This crate implements the PBKDF2 key derivation function as specified in RFC 2898.

If you are only using the low-level pbkdf2 function instead of the higher-level Pbkdf2 struct to produce/verify hash strings, it’s recommended to disable default features in your Cargo.toml:

[dependencies]
pbkdf2 = { version = "0.11", default-features = false }

Usage (simple with default params)

Note: this example requires the rand_core crate with the std feature enabled for rand_core::OsRng (embedded platforms can substitute their own RNG)

Add the following to your crate’s Cargo.toml to import it:

[dependencies]
pbkdf2 = "0.10"
rand_core = { version = "0.6", features = ["std"] }

The following example demonstrates the high-level password hashing API:

use pbkdf2::{
    password_hash::{
        rand_core::OsRng,
        PasswordHash, PasswordHasher, PasswordVerifier, SaltString
    },
    Pbkdf2
};

let password = b"hunter42"; // Bad password; don't actually use!
let salt = SaltString::generate(&mut OsRng);

// Hash password to PHC string ($pbkdf2-sha256$...)
let password_hash = Pbkdf2.hash_password(password, &salt)?.to_string();

// Verify password against PHC string
let parsed_hash = PasswordHash::new(&password_hash)?;
assert!(Pbkdf2.verify_password(password, &parsed_hash).is_ok());

Re-exports

pub use password_hash;

Structs

Paramssimple

PBKDF2 params

Pbkdf2simple

PBKDF2 type for use with PasswordHasher.

Enums

Algorithmsimple

PBKDF2 variants.

Functions

Generic implementation of PBKDF2 algorithm.