[ANN] password-auth v0.1: a simple, easy-to-use password authentication library

Announcing the initial release of the password-auth crate!

password-auth is designed with a simple API which eliminates as much complexity and user choice as possible. It only has two functions:

pub fn generate_hash(password: impl AsRef<[u8]>) -> String;
pub fn verify_password(password: impl AsRef<[u8]>, hash: &str) -> Result<(), VerifyError>;

The generate_hash function generates a password hash from the provided password. The verify_password function verifies the provided password against a password hash, returning an error if the password is incorrect. That's it!

Behind the scenes the crate is using the multi-algorithm support in the password-hash crate to support multiple password hashing algorithms simultaneously. By default it supports Argon2 (using the latest OWASP recommended parameters), but it can also optionally support PBKDF2 and scrypt by enabling crate features.

When multiple algorithms are enabled, it will still default to Argon2 for generate_hash, but will be able to verify password hashes from PBKDF2 and scrypt as well, if you have them in your password database.

We might consider adding bcrypt support in the future, but this release does not include it.

Enjoy!

10 Likes

This topic was automatically closed 90 days after the last reply. We invite you to open a new topic if you have further questions or comments.