Collection of cryptographic hash functions written in pure Rust.
All algorithms reside in the separate crates and implemented using traits from
digest
crate. Additionally all crates do not
require the standard library (i.e. no_std
capable) and can be easily used for
bare-metal or WebAssembly programming.
Note: For new applications, or where compatibility with other existing standards is not a primary concern, we strongly recommend to use either BLAKE2, SHA-2 or SHA-3.
Name | Algorithm | Crates.io | Documentation | Build Status | Security |
---|---|---|---|---|---|
blake2 |
BLAKE2 | π | |||
gost94 |
GOST94 (GOST R 34.11-94) | π | |||
groestl |
GrΓΈstl (Groestl) | π | |||
k12 |
KangarooTwelve | π | |||
md2 |
MD2 | π | |||
md4 |
MD4 | π | |||
md-5 β |
MD5 | π | |||
ripemd160 |
RIPEMD-160 | π | |||
ripemd320 |
RIPEMD-320 | π* | |||
sha-1 β |
SHA-1 | π | |||
sha2 |
SHA-2 | π | |||
sha3 |
SHA-3 (Keccak) | π | |||
shabal |
SHABAL | π | |||
streebog |
Streebog (GOST R 34.11-2012) | π | |||
tiger |
Tiger | π | |||
whirlpool |
Whirlpool | π |
NOTE: the BLAKE3 crate implements the digest
(and crypto-mac
) traits used by the rest of the hashes in this repository, but is maintained by the BLAKE3 team.
* RIPEMD-320 provides only the same security as RIPEMD-160
Whenever possible crates are published under the the same name as the crate
folder. Owners of md5
and sha1
crates declined
(1,
2) to participate in this
project. This is why crates marked by β are published under
md-5
and sha-1
names respectively.
The following describes the security level ratings associated with each hash function (i.e. algorithms, not the specific implementation):
Heart | Description |
---|---|
π | No known successful attacks |
π | Theoretical break: security lower than claimed |
π | Attack demonstrated in practice: avoid if at all possible |
See the Security page on Wikipedia for more information.
All crates in this repository support Rust 1.21 or higher. In future minimally supported version of Rust can be changed, but it will be done with a minor version bump.
Let us demonstrate how to use crates in this repository using BLAKE2b as an example.
First add blake2
crate to your Cargo.toml
:
[dependencies]
blake2 = "0.9"
Note that crates in this repository have an enabled by default std
feature.
So if you plan to use the crate in no_std
enviroments, don't forget to disable it:
[dependencies]
blake2 = { version="0.9", default-features = false }
blake2
and other crates re-export digest
crate and Digest
trait for
convenience, so you don't have to add digest
crate as an explicit dependency.
Now you can write the following code:
use blake2::{Blake2b, Digest};
let mut hasher = Blake2b::new();
let data = b"Hello world!";
hasher.update(data);
// `update` can be called repeatedly and is generic over `AsRef<[u8]>`
hasher.update("String data");
// Note that calling `finalize()` consumes hasher
let hash = hasher.finalize();
println!("Result: {:x}", hash);
In this example hash
has type GenericArray<u8, U64>
, which is a generic
alternative to [u8; 64]
.
Alternatively you can use chained approach, which is equivalent to the previous example:
use blake2::{Blake2b, Digest};
let hash = Blake2b::new()
.chain(b"Hello world!")
.chain("String data")
.finalize();
println!("Result: {:x}", hash);
If the whole message is available you also can use convinience digest
method:
use blake2::{Blake2b, Digest};
let hash = Blake2b::digest(b"my message");
println!("Result: {:x}", hash);
If you want to hash data from Read
trait (e.g. from file) you can rely on
implementation of Write
trait (requires an enabled-by-default std
feature):
use blake2::{Blake2b, Digest};
use std::{fs, io};
let mut file = fs::File::open(&path)?;
let mut hasher = Blake2b::new();
let n = io::copy(&mut file, &mut hasher)?;
let hash = hasher.finalize();
println!("Path: {}", path);
println!("Bytes processed: {}", n);
println!("Hash value: {:x}", hash);
If you want to calculate Hash-based Message Authentication Code (HMAC),
you can use generic implementation from hmac
crate,
which is a part of the RustCrypto/MACs repository.
You can write generic code over Digest
(or other traits from digest
crate)
trait which will work over different hash functions:
use digest::Digest;
use blake2::Blake2b;
use sha2::Sha256;
// Toy example, do not use it in practice!
// Instead use crates from: https://github.com/RustCrypto/password-hashing
fn hash_password<D: Digest>(password: &str, salt: &str, output: &mut [u8]) {
let mut hasher = D::new();
hasher.update(password.as_bytes());
hasher.update(b"$");
hasher.update(salt.as_bytes());
output.copy_from_slice(&hasher.finalize())
}
let mut buf1 = [0u8; 64];
hash_password::<Blake2b>("my_password", "abcd", &mut buf1);
let mut buf2 = [0u8; 32];
hash_password::<Sha256>("my_password", "abcd", &mut buf2);
If you want to use hash functions with trait objects, use digest::DynDigest
trait.
All crates licensed under either of
at your option.
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.