I just published a new crate: argonautica, which makes argon2 password hashing simple and easy in Rust.
Argon2 won the Password Hashing Competition in 2015, a several year project to identify a successor to bcrypt, scrypt, and other common cryptographically-secure hashing algorithms.
The main focus of the crate is a simple and easy-to-use API, but…
argonautica also provides three things that other argon2 hashing crates currently lack:
- The ability to hash with a secret key (which not even the C implementation exposes publicly - it’s in the code; just not in the public API)
- Use of SIMD on stable (I know we’re getting SIMD in 1.27, but this crate uses SIMD in it’s C code; so it will run on 1.26 as well)
- The latest argon2 variant: argon2id
Hashing example:
extern crate argonautica;
use argonautica::Hasher;
fn main() {
let mut hasher = Hasher::default();
let hash = hasher
.with_password("P@ssw0rd")
.with_secret_key("\
secret key that you should really store in a .env file \
instead of in code, but this is just an example\
")
.hash()
.unwrap();
println!("{}", &hash);
// 👆 prints a hash, which will be random since the default Hasher uses a random salt
}
Verifying example:
extern crate argonautica;
use argonautica::Verifier;
fn main() {
let mut verifier = Verifier::default();
let is_valid = verifier
.with_hash("
$argon2id$v=19$m=4096,t=192,p=4$\
o2y5PU86Vt+sr93N7YUGgC7AMpTKpTQCk4tNGUPZMY4$\
yzP/ukZRPIbZg6PvgnUUobUMbApfF9RH6NagL9L4Xr4\
")
.with_password("P@ssw0rd")
.with_secret_key("\
secret key that you should really store in a .env file \
instead of in code, but this is just an example\
")
.verify()
.unwrap();
assert!(is_valid);
}