Routine insert for hash password in a database

This is my 2nd day learning Rust. The code below works, but is this the "correct" way? I will create a new mod::utils::password_hasher

```rust
use argon2::{self, Config};
use rand::Rng;

struct User {
    email: String,
    password: String,
}

fn main() {
    // for example, from a user input form
    let user = User {
        email: String::from("foo@email.com"),
        password: String::from("Password123"),
    };

    let hashed_password = password_hasher(&user.password);
    println!("Original password = {}", &user.password);
    // hashed password to be inserted in a database
    println!("Hashed   password = {}", hashed_password);
}

// Hash a password with Argon2 using a fresh random 32-byte salt.
fn password_hasher(password: &str) -> String {
    let salt: [u8; 32] = rand::thread_rng().gen();
    let config = Config::default();
    // hash_encoded already returns a String, so no extra conversion is needed
    argon2::hash_encoded(password.as_bytes(), &salt, &config).unwrap()
}
```

No, probably. You throw away the salt, which renders the returned hash useless for authentication – you won't be able to reproduce it.

Why don't you follow the official example code?

(Sidenote: don't call functions by a name that is a noun unless they are constructors or getters. Call it hash_password(), not password_hasher().)
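Added example, not part of the thread or of the `argon2` crate: `argon2::hash_encoded` returns a PHC-style encoded string that carries the variant, version, cost parameters and base64 salt next to the hash, and that single string is what gets stored in the database column. The std-only parser below splits such a string into its fields; the names `EncodedHash`, `b64_decode` and `parse_encoded` are hypothetical, and the sample string is constructed (its hash field is not real Argon2 output).

```rust
#[derive(Debug, PartialEq)]
struct EncodedHash {
    variant: String,
    version: u32,
    costs: (u32, u32, u32), // (memory in KiB, passes, lanes)
    salt: Vec<u8>,
    hash: Vec<u8>,
}

// Decode standard-alphabet base64 without '=' padding, as used in the encoded string.
fn b64_decode(s: &str) -> Option<Vec<u8>> {
    const ALPHABET: &[u8] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    if s.len() % 4 == 1 { return None; } // impossible length for unpadded base64
    let (mut acc, mut bits, mut out) = (0u32, 0u32, Vec::new());
    for c in s.bytes() {
        let v = ALPHABET.iter().position(|&a| a == c)? as u32;
        acc = (acc << 6) | v;
        bits += 6;
        if bits >= 8 {
            bits -= 8;
            out.push((acc >> bits) as u8);
            acc &= (1u32 << bits) - 1;
        }
    }
    Some(out)
}

// Split "$variant$v=N$m=..,t=..,p=..$salt$hash" into typed fields; None if malformed.
fn parse_encoded(encoded: &str) -> Option<EncodedHash> {
    let parts: Vec<&str> = encoded.split('$').collect();
    // The leading '$' yields an empty first field, so a valid string has six parts.
    if parts.len() != 6 || !parts[0].is_empty() {
        return None;
    }
    let version = parts[2].strip_prefix("v=")?.parse::<u32>().ok()?;
    let mut c = parts[3].split(',');
    let m = c.next()?.strip_prefix("m=")?.parse::<u32>().ok()?;
    let t = c.next()?.strip_prefix("t=")?.parse::<u32>().ok()?;
    let p = c.next()?.strip_prefix("p=")?.parse::<u32>().ok()?;
    Some(EncodedHash {
        variant: parts[1].to_string(), version, costs: (m, t, p),
        salt: b64_decode(parts[4])?, hash: b64_decode(parts[5])?,
    })
}

// Constructed sample: salt is "somesalt"; the hash field is placeholder bytes.
const SAMPLE: &str = "$argon2i$v=19$m=4096,t=3,p=1$c29tZXNhbHQ$Y29uc3RydWN0ZWQtZXhhbXBsZS1oYXNo";
fn main() {
    println!("{:?}", parse_encoded(SAMPLE));
}
```

With the crate itself, `argon2::verify_encoded(&stored, password.as_bytes())` reads these fields back out of the stored string when checking a login attempt.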

Thank you.
