This library aims to be a all-in-one solution for password storage. In particular, we aim to provide:
- Easy-to-use password storage with sane defaults.
- Tools to provide parameter tuning for different use cases.
- Automatic migration of password hashes to new algorithms.
libpasta is designed to be as simple to use as possible. Most users would rather not have to choose which password algorithm to use, nor understand what are the best parameter choices.
Therefore, we take great care to make this all opaque to the user:
let password = "hunter2".owned();
let hash = hash_password(password);
// store hash in database
// ... time passes, user returns ...
let password = "hunter2".owned();
if verify_password(password, &hash) {
// do something
}
A brief comparison between libpasta and some alternatives can be found in the documentation.
To build the libpasta
system library, simply run make
. This outputs
a build/libpasta.so
file (or system-appropriate filename).
You can also try running make install
to automatically move it to the correct
location.
The library is generated as a result of building libpasta-capi, which is a C-API wrapper built around the Rust code.
The rest of this README is dedicated to developing the code. For more about the library, and examples, please see: https://libpasta.github.io/ or the documentation.
libpasta is still currently in development. The current version is 0.0.1
representing a pre-release. After gathering some initial feedback we will
move to 0.1.0
release, at which point libpasta will be ready to use in
test environments. We are targetting a stable 1.0.0
release once the API
is stable, and testing reveals no major issues.
libpasta is still in its infancy, and the best way to contribute right now is to start testing it in new projects.
Please feel free to open new issues or pull requests for any bugs found, feature requests, or general suggestions.
We very much welcome any contributions, and simply ask for patience and civility when dealing with any disagreements or problems.
libpasta is licensed under the MIT license: License.