password-hashes
add bcrypt_simple and bcrypt_check
These two functions are conspicuously missing from bcrypt-pbkdf2 compared to pbkdf2 and scrypt. It would be nice to have them to not have to worry about password string encoding or constant-time equality.
Is there a well-defined MCF (or PHC, see #34) hash format for bcrypt-pbkdf2?
There doesn't seem to be. In our use of bcrypt-pbkdf we ended up going with a custom PHC format using our own internal identifier, using just a rounds parameter.
I would probably say to use pbkdf2-bhash as the identifier which falls in line with the MCF convention for PBKDF2 with different SHA variants: https://passlib.readthedocs.io/en/stable/modular_crypt_format.html#application-defined-hashes
"bhash" being what the following page describes as the bcrypt-derivative used in this case: https://flak.tedunangst.com/post/bcrypt-pbkdf
Thus, for this crate, I propose the following:
$pbkdf2-bhash$rounds=<u32>$<salt>$<hash>
The $pbkdf2-bhash identifier seems reasonable enough.
Regarding rounds, using a full word like that is a bit unprecedented given the existing PHC hashes we implement:
- PBKDF2 uses i
- scrypt uses n
- Argon2 uses t
I would probably suggest i so as to match PBKDF2
i sounds fine, that would save a few bytes per user of storage in databases.
I think this would probably all be rolled into implementing the new password-hash API in bcrypt-pbkdf, correct?
Yep. If you're interested feel free to open a PR, or otherwise I'll take a look when I have some time
Since there's no interop story here, I'm not sure this makes sense.
bcrypt_pbkdf2 is really useful for deriving an encryption key for SSH private keys, not for general password storage.
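The string layout proposed in this thread, with the `i` parameter name suggested later, as an added example that is not part of the thread or of the bcrypt-pbkdf crate: a strict Rust parser plus the comparison a check function would need. It assumes unpadded standard base64 for the salt and hash fields, which the thread does not specify; `BhashRecord`, `parse` and `ct_eq` are hypothetical names.

```rust
// Added example, not crate code. Layout: $pbkdf2-bhash$i=<u32>$<salt>$<hash>
// Assumption: salt and hash are unpadded standard base64, as in PHC strings.
#[derive(Debug, PartialEq)]
pub struct BhashRecord { pub rounds: u32, pub salt: Vec<u8>, pub hash: Vec<u8> }

/// Decode unpadded standard base64; None on any invalid character or length.
fn b64_decode(s: &str) -> Option<Vec<u8>> {
    if s.is_empty() || s.len() % 4 == 1 { return None; }
    let (mut acc, mut bits, mut out) = (0u32, 0u32, Vec::new());
    for c in s.bytes() {
        let v = match c {
            b'A'..=b'Z' => c - b'A',
            b'a'..=b'z' => c - b'a' + 26,
            b'0'..=b'9' => c - b'0' + 52,
            b'+' => 62,
            b'/' => 63,
            _ => return None,
        };
        acc = (acc << 6) | v as u32;
        bits += 6;
        if bits >= 8 { bits -= 8; out.push((acc >> bits) as u8); acc &= (1u32 << bits) - 1; }
    }
    // Leftover bits must be zero so each byte string has exactly one encoding.
    if acc == 0 { Some(out) } else { None }
}

/// Parse one record, rejecting anything that is not in canonical form.
pub fn parse(s: &str) -> Result<BhashRecord, &'static str> {
    let mut f = s.split('$');
    if f.next() != Some("") { return Err("must start with '$'"); }
    if f.next() != Some("pbkdf2-bhash") { return Err("unknown identifier"); }
    let digits = f.next().and_then(|p| p.strip_prefix("i=")).ok_or("missing i=")?;
    // Canonical decimal only: no sign, no leading zero, at least one round.
    if digits.is_empty() || digits.starts_with('0') || !digits.bytes().all(|b| b.is_ascii_digit()) {
        return Err("non-canonical rounds");
    }
    let rounds: u32 = digits.parse().map_err(|_| "rounds out of range")?;
    let salt = f.next().and_then(b64_decode).ok_or("bad salt")?;
    let hash = f.next().and_then(b64_decode).ok_or("bad hash")?;
    if f.next().is_some() { return Err("trailing field"); }
    Ok(BhashRecord { rounds, salt, hash })
}

/// Compare without an early exit on the first differing byte.
/// Production code would use a vetted implementation such as the `subtle` crate.
pub fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    a.len() == b.len() && a.iter().zip(b).fold(0u8, |d, (x, y)| d | (x ^ y)) == 0
}

fn main() { println!("{:?}", parse("$pbkdf2-bhash$i=16$AQIDBA$AQID")); } // constructed sample
```

A check function built on this would re-derive the output from the candidate password with the parsed salt and rounds, then pass it and the stored `hash` to `ct_eq`.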