Added generic parsing of PHC format (the successor to modular crypt format)
rustfmt the entire codebase
Why Use Ring
The ring crate is under active development while development of rust-crypto has stalled. Using a crate that is being actively improved is especially important for crypto because the validity of any crypto algorithm is eliminated over time by adversaries. In the short term, ring provides a constant time pbkdf2 verify function. Additionally, ring can be statically linked, which is important for my application.
Why move to PHC format
The library is already using PHC format instead of modular crypt format for producing and deriving portable fingerprints. The Wikipedia page referenced for modular crypt format is actually about the updated PHC format, and that format is the one that the code on master is parsing and generating. I factored out the code that parses the PHC format fingerprints from the derivation and validity logic. I could not find any crates on crates.io that currently handle this format generically. rust-argon2 uses this format to create and read fingerprints internally, but it only exposes the completed String from the public API. I think parsing the format is a valuable distinct feature because it allows writing programs that work with hashed fingerprints outside of the realm of just accepting a password string and hashing it. For example, you could write a short script to migrate a legacy database that did not use PHC format fingerprints to using PHC formatted fingerprints without having to worry about serialization.
I have replaced the PasswordDerivationFunctionBuilder workflow with a single type that represents the PHC formatted string as a Rust struct and a higher order function.
string can be converted into a PHCEncoded struct
PHCEncoded struct can be converted into a string
PHCEncoded can be converted into a Boxed pointer to a function that will hash a password using that same algorithm, salt, and settings as the reference hash fingerprint. This performs the same way as PasswordDerivationFunctionBuilder, except now the state is explicitly passed in.
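A sketch of the string-to-struct and struct-to-string conversions described above, added here as an example; it is not code from this pull request or the crate. `PhcString` and `parse_phc` are hypothetical names, and the layout assumed is the PHC string format `$id[$v=N][$k=v,...][$salt[$hash]]`.

```rust
/// Hypothetical type for this example; not the crate's `PHCEncoded`.
#[derive(Debug, Clone, PartialEq)]
pub struct PhcString {
    pub id: String,
    pub version: Option<u32>,
    pub params: Vec<(String, String)>, // order kept so output round-trips
    pub salt: Option<String>,          // left base64-encoded, not decoded
    pub hash: Option<String>,
}

/// Parse a PHC string, rejecting empty or surplus fields instead of guessing.
pub fn parse_phc(s: &str) -> Result<PhcString, String> {
    let rest = s.strip_prefix('$').ok_or("missing leading '$'")?;
    if rest.split('$').any(str::is_empty) {
        return Err("empty field".into());
    }
    let mut fields = rest.split('$').peekable();
    let id = fields.next().ok_or("missing id")?.to_string();
    let mut version = None;
    if let Some(f) = fields.next_if(|f| f.starts_with("v=")) {
        version = Some(f[2..].parse::<u32>().map_err(|e| format!("bad version: {e}"))?);
    }
    let mut params = Vec::new();
    // Salt and hash are unpadded base64, so only a parameter field contains '='.
    if let Some(list) = fields.next_if(|f| f.contains('=')) {
        for kv in list.split(',') {
            let (k, v) = kv.split_once('=').ok_or_else(|| format!("bad parameter: {kv}"))?;
            params.push((k.to_string(), v.to_string()));
        }
    }
    let (salt, hash) = (fields.next().map(str::to_string), fields.next().map(str::to_string));
    if fields.next().is_some() {
        return Err("too many fields".into());
    }
    Ok(PhcString { id, version, params, salt, hash })
}

impl std::fmt::Display for PhcString {
    fn fmt(&self, f: &mut std::fmt::Formatter) -> std::fmt::Result {
        let kv: Vec<String> = self.params.iter().map(|(k, v)| format!("{k}={v}")).collect();
        let params = if kv.is_empty() { None } else { Some(kv.join(",")) };
        let version = self.version.map(|v| format!("v={v}"));
        write!(f, "${}", self.id)?;
        for part in [version, params, self.salt.clone(), self.hash.clone()].iter().flatten() {
            write!(f, "${part}")?;
        }
        Ok(())
    }
}
```

Because the struct keeps parameters in their original order and leaves salt and hash encoded, a parsed string formats back to the same bytes, which is what a migration script needs.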