Crate pbkdf2

source ·
Expand description

This crate implements the PBKDF2 key derivation function as specified in RFC 2898.

If you are only using the low-level pbkdf2 function instead of the higher-level [Pbkdf2] struct to produce/verify hash strings, it’s recommended to disable default features in your Cargo.toml:

pbkdf2 = { version = "0.7", default-features = false }

Usage (simple with default params)

Note: this example requires the rand_core crate with the std feature enabled for rand_core::OsRng (embedded platforms can substitute their own RNG)

Add the following to your crate’s Cargo.toml to import it:

pbkdf2 = "0.7"
rand_core = { version = "0.6", features = ["std"] }

The following example demonstrates the high-level password hashing API:

use pbkdf2::{
        PasswordHash, PasswordHasher, PasswordVerifier, SaltString

let password = b"hunter42"; // Bad password; don't actually use!
let salt = SaltString::generate(&mut OsRng);

// Hash password to PHC string ($pbkdf2-sha256$...)
let password_hash = Pbkdf2.hash_password(password, &salt)?.to_string();

// Verify password against PHC string
let parsed_hash = PasswordHash::new(&password_hash)?;
assert!(Pbkdf2.verify_password(password, &parsed_hash).is_ok());


Generic implementation of PBKDF2 algorithm.