Crate bonsaidb::local::argon2

RustCrypto: Argon2

Pure Rust implementation of the Argon2 password hashing function.

Documentation

About

Argon2 is a memory-hard key derivation function chosen as the winner of the Password Hashing Competition in July 2015.

It implements the following three algorithmic variants:

• Argon2d: maximizes resistance to GPU cracking attacks
• Argon2i: optimized to resist side-channel attacks
• Argon2id: (default) hybrid version combining both Argon2i and Argon2d

Support is provided for embedded (i.e. no_std) environments, including ones without alloc support.

Minimum Supported Rust Version

Rust 1.65 or higher.

Minimum supported Rust version can be changed in the future, but it will be done with a minor version bump.

SemVer Policy

• All on-by-default features of this library are covered by SemVer
• MSRV is considered exempt from SemVer as noted above

License

Licensed under either of:

• Apache License, Version 2.0
• MIT license

at your option.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

Usage

Password Hashing

This API hashes a password to a “PHC string” suitable for the purposes of password-based authentication. Do not use this API to derive cryptographic keys: see the “key derivation” usage example below.

use argon2::{
    password_hash::{
        rand_core::OsRng,
        PasswordHash, PasswordHasher, PasswordVerifier, SaltString
    },
    Argon2
};

let password = b"hunter42"; // Bad password; don't actually use!
let salt = SaltString::generate(&mut OsRng);

// Argon2 with default params (Argon2id v19)
let argon2 = Argon2::default();

// Hash password to PHC string ($argon2id$v=19$...)
let password_hash = argon2.hash_password(password, &salt)?.to_string();

// Verify password against PHC string.
//
// NOTE: hash params from `parsed_hash` are used instead of what is configured in the
// `Argon2` instance.
let parsed_hash = PasswordHash::new(&password_hash)?;
assert!(Argon2::default().verify_password(password, &parsed_hash).is_ok());

Key Derivation

This API is useful for transforming a password into cryptographic keys for e.g. password-based encryption.

use argon2::Argon2;

let password = b"hunter42"; // Bad password; don't actually use!
let salt = b"example salt"; // Salt should be unique per password

let mut output_key_material = [0u8; 32]; // Can be any desired size
Argon2::default().hash_password_into(password, salt, &mut output_key_material)?;

Modules

• password_hash
  RustCrypto: Password Hashing Traits

Structs

• Argon2
  Argon2 context.
• AssociatedData
  Associated data
• Block
  Structure for the (1 KiB) memory block implemented as 128 64-bit words.
• KeyId
  Key identifier
• Params
  Argon2 password hash parameters.
• ParamsBuilder
  Builder for Argon2 Params.
• PasswordHash
  Password hash.

Enums

• Algorithm
  Argon2 primitive type: variants of the algorithm.
• Error
  Error type.
• Version
  Version of the algorithm.

Constants

• ARGON2D_IDENT
  Argon2d algorithm identifier
• ARGON2ID_IDENT
  Argon2id algorithm identifier
• ARGON2I_IDENT
  Argon2i algorithm identifier
• MAX_PWD_LEN
  Maximum password length in bytes.
• MAX_SALT_LEN
  Maximum salt length in bytes.
• MAX_SECRET_LEN
  Maximum secret key length in bytes.
• MIN_SALT_LEN
  Minimum salt length in bytes.
• RECOMMENDED_SALT_LEN
  Recommended salt length for password hashing in bytes.

Traits

• PasswordHasher
  Trait for password hashing functions.
• PasswordVerifier
  Trait for password verification.

Type Aliases

• Result
  Result with argon2’s Error type.