Generate PSKs and appropriate hashes for IoT devices

I wrote a program to securely generate PSKs for IoT devices (usually identified by their MAC address).
The program outputs both the plain pre-shared key (base64 encoded) since it needs to be written to the device and the Argon2 hash for storage in the IoT backend database.

I'd appreciate any feedback, especially regarding security and the use of idiomatic Rust.

It seems like the use of Hasher doesn’t add much practical value in this case. The additional indirection doesn’t seem to solve any significant problem. Most of the logic—such as deciding which algorithm to use and acquiring necessary resources—still happens in main.

For example, the lines in main:

let hash = csprng
    .hasher(&argon2)
    .hash(&psk)
    .expect("could not hash key");

Could be simplified without using the traits and Hasher object, like this:

let salt = SaltString::generate(&mut csprng);
let hash = argon2
    .hash_password(&psk, &salt)
    .expect("could not hash key")
    .to_string();

When designing abstractions in software, aim to solve a problem and provide a clear benefit. For your use case, you might consider creating a structure that instantiates the necessary cryptographic primitives and encoders. Then, you could implement a method like create_key_and_hash(keysize: u32) that returns a tuple (psk, hash) for example.

1 Like