• The rust-crypto crate has been replaced with ring
• Dropped support for using SHA1 as a PRF
• Added generic parsing of PHC format (the successor to modular crypt format)
• rustfmt the entire codebase

Why Use Ring

The ring crate is under active development while development of rust-crypto has stalled. Using a crate that is being actively improved is important especially important for crypto because the validity of any crypto algorithm is eliminated over time by adversaries. In the short term ring provides a constant time pbkdf2 verify function. Additionally ring can be statically linked, which is important for my application.

Why move to PHC format

The library is already using PHC format instead of modular crypt format for producing and deriving portable fingerprints. The wikipedia page referenced for modular crypt format is actually about the updated PHC format, and that format is the one that the code on master is parsing and generating. I factored out the code that parses the PHC format fingerprints from the derivation and validity logic. I could not find any crates on crates.io that currently handle this format generically. rust-argon2 uses this format to create and read fingerprints internally, but it only exposes the completed String from the public API. I think parsing the format is a valuable distinct feature because it allows writing programs that work with hashed fingerprints outside of the realm of just accepting a password string and hashing it. For example, you could write short script to migrate a legacy database that did not use PHC format fingerprints to using PHC formated fingerprints without having to worry about serialization.

I have replaced the PasswordDerivationFunctionBuilder workflow with a single type that represents the PHC formatted string as a Rust struct and a higher order function.

• string can be converted into a PHCEncoded struct
• PHCEncoded struct can be converted into a string
• PHCEncoded can be converted into a Boxed pointer to a function that will hash a password using that same algorithm, salt, and settings as the reference hash fingerprint. This performs the same way as PasswordDerivationFunctionBuilder, except now the state is explicitly passed in.

Further Work

This pull request is suggestion, I do not expect to merge this directly in without edits. Right now these changes are internal only, with the exception of dropping support for SHA1 based pbkdf2, the public API has neither been changed or increased. I am not sure why ring does not support SHA1 for pbkdf2. My understanding is that collisions in SHA1 do not affect its security as a PRF, however Brian Smith who is a much better cryptographer than I am has unit tests that explicitly reject using SHA1 for pbkdf2.

Hopefully you can try out the new version in your internal application and verify that its behavior is identical. I only modified the three tests for the pass module, and that was to remove SHA1.

Hello

This pull request contains the key_uri_format() method for the HOTP and TOTP types. This implementation was written according to the official Google specification. This format is used to generate QR codes.

Example:

let key_ascii = "12345678901234567890".to_owned();
let mut totp = libreauth::oath::TOTPBuilder::new()
    .ascii_key(&key_ascii)
    .finalize()
    .unwrap();

let uri = totp.key_uri_format("Provider1:[email protected]", Some("Provider1"));
assert_eq!(
    uri,
    "otpauth://totp/Provider1:[email protected]?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Provider1&algorithm=SHA1&digits=6&period=30"
);

I've tested this on Android and it works fine. The tests were compared to the results of the following generator.

Open considerations:

• This feature is not implemented for the C bindings.
• Certain apps such as FreeOTP will crash if the label is empty (""). Should this method return an error if that's the case? In the end, it's up to the developer to choose the label and requirements should not be enforced by this library.

Actually I use this Crate within SSO Crate: (https://github.com/mojzu/sso) When compiling, an error message appears as below.

...
" "opengl32.lib" "pdh.lib" "psapi.lib" "secur32.lib" "synchronization.lib" "user32.lib" "winspool.lib" "ws2_32.lib" "advapi32.lib" "advapi32.lib" "ws2_32.lib" "userenv.lib" "msvcrt.lib" "/DLL" "/IMPLIB:C:\\Users\\Altair\\RustLang\\sso\\sso\\target\\debug\\deps\\libreauth-31d786d1841dfabd.dll.lib"
  = note: lib.def : error LNK2001: unresolved external symbol _ZN101_$LT$core..ops..range..RangeTo$LT$usize$GT$$u20$as$u20$core..slice..SliceIndex$LT$$u5b$T$u5d$$GT$$GT$5index17h7d997d5ad475efa6E
          lib.def : error LNK2001: unresolved external symbol _ZN101_$LT$core..ops..range..RangeTo$LT$usize$GT$$u20$as$u20$core..slice..SliceIndex$LT$$u5b$T$u5d$$GT$$GT$9index_mut17hfcd3004d59b55041E
          lib.def : error LNK2001: unresolved external symbol _ZN4core10intrinsics23is_aligned_and_not_null17h004f31e9d3749227E
          lib.def : error LNK2001: unresolved external symbol _ZN4core3mem8align_of17h76a8694b42f8ab7bE
          lib.def : error LNK2001: unresolved external symbol _ZN4core3ptr20slice_from_raw_parts17h5eb3363f98bacd21E
          lib.def : error LNK2001: unresolved external symbol _ZN4core3ptr24slice_from_raw_parts_mut17h0d81b01af03b334aE          lib.def : error LNK2001: unresolved external symbol _ZN4core3ptr31_$LT$impl$u20$$BP$mut$u20$T$GT$6offset17h2be3b22172cbf407E
          lib.def : error LNK2001: unresolved external symbol _ZN4core3ptr31_$LT$impl$u20$$BP$mut$u20$T$GT$7is_null17h5d256813897e7b1fE
          lib.def : error LNK2001: unresolved external symbol _ZN4core5slice14from_raw_parts17h7eda3e6aa83543c9E
          lib.def : error LNK2001: unresolved external symbol _ZN4core5slice18from_raw_parts_mut17h24ee7f49401cd13bE
          lib.def : error LNK2001: unresolved external symbol _ZN4core5slice29_$LT$impl$u20$$u5b$T$u5d$$GT$10as_mut_ptr17h585545c221974ffdE
          lib.def : error LNK2001: unresolved external symbol _ZN4core5slice74_$LT$impl$u20$core..ops..index..Index$LT$I$GT$$u20$for$u20$$u5b$T$u5d$$GT$5index17h9eb3c88cffc0b562E
          lib.def : error LNK2001: unresolved external symbol _ZN4core5slice77_$LT$impl$u20$core..ops..index..IndexMut$LT$I$GT$$u20$for$u20$$u5b$T$u5d$$GT$9index_mut17h5105de3abfcbdcf6E
          lib.def : error LNK2001: unresolved external symbol _ZN55_$LT$$RF$T$u20$as$u20$core..convert..AsRef$LT$U$GT$$GT$6as_ref17hca492517a62ed7bdE
          lib.def : error LNK2001: unresolved external symbol _ZN63_$LT$I$u20$as$u20$core..iter..traits..collect..IntoIterator$GT$9into_iter17h47b87f9cd88a80edE
          lib.def : error LNK2001: unresolved external symbol _ZN63_$LT$I$u20$as$u20$core..iter..traits..collect..IntoIterator$GT$9into_iter17h67ee80a0073fb05eE
          lib.def : error LNK2001: unresolved external symbol _ZN85_$LT$core..slice..Iter$LT$T$GT$$u20$as$u20$core..iter..traits..iterator..Iterator$GT$4next17h236d91582e3fea51E
          lib.def : error LNK2001: unresolved external symbol _ZN88_$LT$core..slice..IterMut$LT$T$GT$$u20$as$u20$core..iter..traits..iterator..Iterator$GT$4next17h8e0ae1d9ba60fce8E
          lib.def : error LNK2001: unresolved external symbol _ZN99_$LT$core..ops..range..Range$LT$usize$GT$$u20$as$u20$core..slice..SliceIndex$LT$$u5b$T$u5d$$GT$$GT$13get_unchecked17he3dc0bafa3708c12E
          lib.def : error LNK2001: unresolved external symbol _ZN99_$LT$core..ops..range..Range$LT$usize$GT$$u20$as$u20$core..slice..SliceIndex$LT$$u5b$T$u5d$$GT$$GT$17get_unchecked_mut17hc008b1af8b00e9c3E
          lib.def : error LNK2001: unresolved external symbol _ZN99_$LT$core..ops..range..Range$LT$usize$GT$$u20$as$u20$core..slice..SliceIndex$LT$$u5b$T$u5d$$GT$$GT$5index17h20d37ee486013a67E
          lib.def : error LNK2001: unresolved external symbol _ZN99_$LT$core..ops..range..Range$LT$usize$GT$$u20$as$u20$core..slice..SliceIndex$LT$$u5b$T$u5d$$GT$$GT$9index_mut17h46dd287dd867c731E
          C:\Users\Afrizal Yusren\RustLang\sso\sso\target\debug\deps\libreauth-31d786d1841dfabd.dll.lib : fatal error LNK1120: 22 unresolved externals


error: aborting due to previous error

error: Could not compile `libreauth`.
warning: build failed, waiting for other jobs to finish...

Is there a special library for Windows that I need to include? thank you for your attention.

Hi. I'd like to ask some advice regarding the best way to use this library to implement password authentication for a Web service. I understand this might be out of scope of the project so please forgive me if I'm asking too much.

I'm using HTTPS to connect to server. My client is in Rust compiled to WASM, server is in Rust. There are several questions:

1. I've read that applying salt to hashed password is a good practice. How do I obtain this salt so that it would make sense from cryptography point of view? Doesn't look like I can pick any string of any length. Also, does it need to change? Should it be per user or per request? Should I apply it before or after hashing (since library has both)?
2. Do I transmit the password in plain text over HTTPS and hash it on the server? I've read conflicting arguments on this. I believe this is the correct way to hash password and store it in the database because otherwise I'm trusting client's code and the password hash itself becomes visible on the wire for any MITM attacker (hence becoming the password).
3. Example of doing password authentication has a case for password schema update. It says we should hash it again. Since we're not storing the original password, we should be doing a password reset procedure for the user, so that they can enter their old and new passwords, and we could hash new one and update the schema. Is that correct?

Is there a reason why oath is named oath? The description is just

HOTP and TOTP authentication module

Or is it linked to the https://openauthentication.org/ organization? Is it a typo? Why isn't it otp?

Hi!

The README says that password authentication is not ready yet.

I've read the code and it seems to me that all the necessary features are implemented and the API is pretty clear.

Is there anything that should be done before password authentication can be considered ready/complete ?

I been reading the source code and I am hoping you will correct my current understanding of what this crate does.

My understanding is that this crate only has 3 areas of functionality

• Generate and verify TOTP codes from a key passed in
• Generate and verify HOTP codes from a a key passed in
• Generate PHC format from password and salt and verify password against PHC string?

Additionally each of these areas have excellent user facing documentation, C library bindings, and thorough tests which are very nice. The API is simple and easy to use.

The password verification functionality is what I am most interested in because I do not understand what is going on inside pass::is_valid(password: &str, reference: &str) -> bool. I think reference is the PHC format password hash information string. First the PHC string is inspected to choose the right hash function (with same salt and workfactor). Once the hash function "closure" is set up, hash the user provided password. Next is where I get lost. A random 32 byte key is generated and used to sign and HMAC value for both the reference PHC string and the PHC string generated from the user password. The password is verified only if the HMAC values match.

To me there is real value with parsing and serializing the PHC format. I like that API boundary decision because it lets me use a single DB column value. What I do not understand is why not use the crypto library's pbkdf2::verify implementation instead of this double HMAC result checking scheme?

Updates the requirements on base64 to permit the latest version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Updates the requirements on pbkdf2 to permit the latest version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Updates the requirements on rust-argon2 to permit the latest version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Updates the requirements on sha-1 to permit the latest version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.