Routine insert for hash password in a database

This is my 2nd day learning Rust. The code below works but is this "correct" way? I will create a new mod::utils::password_hasher

use argon2::{self, Config};
use rand::Rng;

struct User {
    email: String,
    password: String,
}

fn main() {
    // for example, from a user input form
    let user = User {
        email: String::from("foo@email.com"),
        password: String::from("Password123"),
    };

    let hashed_password = password_hasher(&user.password);
    println!("Original password = {}", &user.password);
    // hashed password to be inserted in a database
    println!("Hashed   password = {}", hashed_password);
}

fn password_hasher(password: &String) -> String {
    let salt: [u8; 32] = rand::thread_rng().gen();
    let config = Config::default();
    let hash = argon2::hash_encoded(password.as_bytes(), &salt, &config).unwrap();
    hash.to_string()
}
1 Like

No, probably. You throw away the salt, which renders the returned hash useless for authenticatication – you won't be able to reproduce it.

Why don't you follow the official example code?

(Sidenote: don't call functions by a name that is a noun unless they are constructors or getters. Call it hash_password(), not password_hasher().)

Thank you.