argonautica
argonautica copied to clipboard
bcmyers
Idiomatic argon2 password hashing for several languages
This should fix #19 by using the constant_time_eq crate to compare hashes. I also tried to make `verify` more readable by moving duplicated code out of the match arms. The...
This fixes the usage of `OsRng` in the benchmarks to work with rand 0.7.0
You need to use `write_volatile` instead of `write_bytes` or the clearing might be optimized away. E.g. if you take a look at how the C argon library uses password clearing...
The methods `hash_non_blocking`, `verify_non_blocking` and `hash_raw_non_blocking` still use 0.1 version of futures.rs and I was wondering if there are plans to migrate them to the 0.3 version of the Future...
Using `opt-level = "z"` or `opt-level = "s"` returns a build error: Error: ParseIntError { kind: InvalidDigit } generated at [argonautica-rs/build.rs#L69](https://github.com/bcmyers/argonautica/blob/master/argonautica-rs/build.rs#L69) Ideally the argon2 dependency would compile with this setting...
I'd like to keep a hasher around and use it to hash password. Something like: ```rust pub struct AuthService { secret_key: String, hasher: Hasher, } impl AuthService { pub fn...
The documentation and examples are unclear on whether or not reusing the instantiated objects is secure. On one hand the configurations suggest it should be reused, on the other some...
More information: - https://forums.developer.apple.com/thread/121887 - https://trac.ffmpeg.org/ticket/8073#comment:12 - https://github.com/jedisct1/libsodium/issues/848 Note, of course, as mentioned in #20, I am completely new to all of this and have no idea what I'm doing...
Hi! I'm not very experienced with all this lower-level stuff (been writing GC'd code in Node.js and OCaml for, like, ten years, and I think I've forgotten everything I ever...
This implementation's `Verifier::verify()` function doesn't make any attempt to use constant-time comparison, opening up the potential for side-channel attacks: https://github.com/bcmyers/argonautica/blob/master/argonautica-rs/src/verifier.rs#L131 The reference implementation does attempt to make the comparison constant-time:...
