From 33e2dda9d3ce0744100934dd14cb0520fd286f52 Mon Sep 17 00:00:00 2001 From: sunface Date: Mon, 4 Apr 2022 15:04:20 +0800 Subject: [PATCH] =?UTF-8?q?=E6=96=B0=E5=A2=9E=E7=AB=A0=E8=8A=82=20[Cookboo?= =?UTF-8?q?k=20-=20=E5=8A=A0=E5=AF=86]?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/cookbook/cryptography/encryption.md | 56 +++++++++++++++++++++++++ 1 file changed, 56 insertions(+) diff --git a/src/cookbook/cryptography/encryption.md b/src/cookbook/cryptography/encryption.md index c3e253eb..a728da46 100644 --- a/src/cookbook/cryptography/encryption.md +++ b/src/cookbook/cryptography/encryption.md @@ -1 +1,57 @@ # 加密 + +### 使用 PBKDF2 对密码进行哈希和加盐( salt ) +[ring::pbkdf2]() 可以对一个加盐密码进行哈希。 + +```rust,editable + +use data_encoding::HEXUPPER; +use ring::error::Unspecified; +use ring::rand::SecureRandom; +use ring::{digest, pbkdf2, rand}; +use std::num::NonZeroU32; + +fn main() -> Result<(), Unspecified> { + const CREDENTIAL_LEN: usize = digest::SHA512_OUTPUT_LEN; + let n_iter = NonZeroU32::new(100_000).unwrap(); + let rng = rand::SystemRandom::new(); + + let mut salt = [0u8; CREDENTIAL_LEN]; + // 生成 salt: 将安全生成的随机数填入到字节数组中 + rng.fill(&mut salt)?; + + let password = "Guess Me If You Can!"; + let mut pbkdf2_hash = [0u8; CREDENTIAL_LEN]; + pbkdf2::derive( + pbkdf2::PBKDF2_HMAC_SHA512, + n_iter, + &salt, + password.as_bytes(), + &mut pbkdf2_hash, + ); + println!("Salt: {}", HEXUPPER.encode(&salt)); + println!("PBKDF2 hash: {}", HEXUPPER.encode(&pbkdf2_hash)); + + // `verify` 检查哈希是否正确 + let should_`succeed = pbkdf2::verify( + pbkdf2::PBKDF2_HMAC_SHA512, + n_iter, + &salt, + password.as_bytes(), + &pbkdf2_hash, + ); + let wrong_password = "Definitely not the correct password"; + let should_fail = pbkdf2::verify( + pbkdf2::PBKDF2_HMAC_SHA512, + n_iter, + &salt, + wrong_password.as_bytes(), + &pbkdf2_hash, + ); + + assert!(should_succeed.is_ok()); + assert!(!should_fail.is_ok()); + + Ok(()) +} +``` \ No newline at end of file