Question 1

How to use RustCrypto password hashes in a Rust web app?

Accepted Answer

Import the relevant crates (e.g., argon2), hash passwords on registration with configurable parameters, and verify on login using the PasswordVerifier trait. Store the PHC-formatted hash string in your database, as demonstrated in the README example.

Question 2

Argon2 vs bcrypt in RustCrypto: which should I use?

Accepted Answer

Argon2 is recommended for new projects due to its resistance to GPU attacks and status as a competition winner, while bcrypt is better for legacy compatibility. The README references OWASP guidelines to help decide based on your security requirements.

Question 3

Is RustCrypto/password-hashes production ready?

Accepted Answer

Yes, it's part of the RustCrypto organization with a focus on secure, audited implementations. However, always verify specific audit reports for critical applications, as the README doesn't provide detailed audit information.

Question 4

How to migrate from old hashes like PBKDF2 to Argon2 using RustCrypto?

Accepted Answer

Verify the old hash with the Pbkdf2 crate on user login, then re-hash with Argon2 and update the database. The unified API allows smooth transition by supporting multiple algorithms in verification loops.

Question 5

What are the performance benchmarks for these password hashing algorithms?

Accepted Answer

Benchmarks aren't included in the README. Since it's pure Rust, performance may lag behind optimized C versions. For accurate data, run your own tests or check external resources like crates.io documentation for each algorithm.

Question 6

Can I use RustCrypto password hashes with async Rust?

Accepted Answer

Yes, but the crates are synchronous, so you'll need to offload hashing to blocking threads or use async runtimes manually. No built-in async support is mentioned, which could add complexity in high-concurrency applications.

password-hashes

What is password-hashes?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions