From 88adb62e399e7f7b0f3fe5935190c532247b2840 Mon Sep 17 00:00:00 2001 From: Mike Mulchrone Date: Thu, 19 Mar 2026 19:54:54 -0400 Subject: [PATCH 1/8] initial commit with prototype code for giving SHA-512 a parameter iteration count of 210,000 instead of 600,000 which is for SHA-256 --- pbkdf2/src/lib.rs | 31 +++++++++++++++++++--- pbkdf2/src/mcf.rs | 2 +- pbkdf2/src/params.rs | 62 +++++++++++++++++++++++++++++++++++++++++--- 3 files changed, 88 insertions(+), 7 deletions(-) diff --git a/pbkdf2/src/lib.rs b/pbkdf2/src/lib.rs index 3f011d96..c67ef9c2 100644 --- a/pbkdf2/src/lib.rs +++ b/pbkdf2/src/lib.rs @@ -297,10 +297,12 @@ pub struct Pbkdf2 { #[cfg(feature = "sha2")] impl Pbkdf2 { /// PBKDF2 configured with SHA-256 as the default. - pub const SHA256: Self = Self::new(Algorithm::Pbkdf2Sha256, Params::RECOMMENDED); + pub const SHA256: Self = + Self::new(Algorithm::Pbkdf2Sha256, Params::recommended_for(Algorithm::Pbkdf2Sha256)); /// PBKDF2 configured with SHA-512 as the default. - pub const SHA512: Self = Self::new(Algorithm::Pbkdf2Sha512, Params::RECOMMENDED); + pub const SHA512: Self = + Self::new(Algorithm::Pbkdf2Sha512, Params::recommended_for(Algorithm::Pbkdf2Sha512)); } #[cfg(feature = "sha2")] @@ -321,7 +323,7 @@ impl From for Pbkdf2 { fn from(algorithm: Algorithm) -> Self { Self { algorithm, - params: Params::default(), + params: Params::recommended_for(algorithm), } } } @@ -336,6 +338,29 @@ impl From for Pbkdf2 { } } +#[cfg(all(test, feature = "sha2"))] +mod tests { + use super::{Algorithm, Params, Pbkdf2}; + + #[test] + fn recommended_params_follow_algorithm() { + assert_eq!( + Params::recommended_for(Algorithm::Pbkdf2Sha256).rounds(), + Params::RECOMMENDED_ROUNDS + ); + assert_eq!( + Params::recommended_for(Algorithm::Pbkdf2Sha512).rounds(), + Params::RECOMMENDED_SHA512_ROUNDS + ); + } + + #[test] + fn pbkdf2_algorithm_defaults_use_matching_rounds() { + assert_eq!(Pbkdf2::SHA256, Pbkdf2::from(Algorithm::Pbkdf2Sha256)); + assert_eq!(Pbkdf2::SHA512, Pbkdf2::from(Algorithm::Pbkdf2Sha512)); + } +} + #[cfg(feature = "kdf")] impl Kdf for Pbkdf2 { fn derive_key(&self, password: &[u8], salt: &[u8], out: &mut [u8]) -> kdf::Result<()> { diff --git a/pbkdf2/src/mcf.rs b/pbkdf2/src/mcf.rs index 496e395e..4b388fe9 100644 --- a/pbkdf2/src/mcf.rs +++ b/pbkdf2/src/mcf.rs @@ -78,7 +78,7 @@ impl PasswordVerifier for Pbkdf2 { let algorithm = hash.id().parse::()?; let mut fields = hash.fields(); let mut next = fields.next().ok_or(Error::EncodingInvalid)?; - let mut params = Params::default(); + let mut params = Params::recommended_for(algorithm); // decode params if let Ok(p) = next.as_str().parse::() { diff --git a/pbkdf2/src/params.rs b/pbkdf2/src/params.rs index a9b2a3d1..e46ae22d 100644 --- a/pbkdf2/src/params.rs +++ b/pbkdf2/src/params.rs @@ -1,5 +1,7 @@ use core::fmt::{self, Display}; +use crate::Algorithm; + #[cfg(feature = "phc")] use password_hash::phc::{self, Decimal, ParamsString}; #[cfg(feature = "password-hash")] @@ -32,15 +34,26 @@ impl Params { /// Recommended output length. pub const RECOMMENDED_OUTPUT_LENGTH: usize = 32; - /// Recommended number of PBKDF2 rounds (used by default). + /// Recommended number of PBKDF2-SHA256 rounds (used by default). /// /// This number is adopted from the [OWASP cheat sheet]: /// - /// > Use PBKDF2 with a work factor of 600,000 or more + /// > Use PBKDF2 with a work factor of 600,000 or more and set with an + /// > internal hash function of HMAC-SHA-256. /// /// [OWASP cheat sheet]: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html pub const RECOMMENDED_ROUNDS: u32 = 600_000; + /// Recommended number of PBKDF2-SHA512 rounds. + /// + /// This number is adopted from the [OWASP cheat sheet]: + /// + /// > Use PBKDF2 with a work factor of 210,000 or more and set with an + /// > internal hash function of HMAC-SHA-512. + /// + /// [OWASP cheat sheet]: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html + pub const RECOMMENDED_SHA512_ROUNDS: u32 = 210_000; + /// Recommended PBKDF2 parameters adapted from the [OWASP cheat sheet]. /// /// [OWASP cheat sheet]: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html @@ -49,6 +62,19 @@ impl Params { output_len: Self::RECOMMENDED_OUTPUT_LENGTH, }; + /// Recommended PBKDF2 parameters for the selected algorithm. + pub const fn recommended_for(algorithm: Algorithm) -> Self { + let rounds = match algorithm { + Algorithm::Pbkdf2Sha256 => Self::RECOMMENDED_ROUNDS, + Algorithm::Pbkdf2Sha512 => Self::RECOMMENDED_SHA512_ROUNDS, + }; + + Self { + rounds, + output_len: Self::RECOMMENDED_OUTPUT_LENGTH, + } + } + /// Create new params with the given number of rounds. #[cfg(feature = "password-hash")] pub const fn new(rounds: u32) -> Result { @@ -158,7 +184,37 @@ impl TryFrom<&phc::PasswordHash> for Params { return Err(Error::Version); } - let params = Self::try_from(&hash.params)?; + let algorithm = Algorithm::try_from(hash.algorithm.as_str())?; + let mut rounds = Self::recommended_for(algorithm).rounds(); + let mut output_len = Self::RECOMMENDED_OUTPUT_LENGTH; + + for (ident, value) in hash.params.iter() { + match ident.as_str() { + "i" => { + rounds = value + .decimal() + .map_err(|_| Error::ParamInvalid { name: "i" })?; + + if rounds < Self::MIN_ROUNDS { + return Err(Error::ParamInvalid { name: "i" }); + } + } + "l" => { + output_len = value + .decimal() + .ok() + .and_then(|dec| dec.try_into().ok()) + .ok_or(Error::ParamInvalid { name: "l" })?; + + if output_len > Self::MAX_OUTPUT_LENGTH { + return Err(Error::ParamInvalid { name: "l" }); + } + } + _ => return Err(Error::ParamsInvalid), + } + } + + let params = Params::new_with_output_len(rounds, output_len)?; if let Some(hash) = &hash.hash { if hash.len() != params.output_len { From 87ec4fbc96984101619aa9664fc3b99240f3793e Mon Sep 17 00:00:00 2001 From: Mike Mulchrone Date: Thu, 19 Mar 2026 20:45:19 -0400 Subject: [PATCH 2/8] initial commit for refactoring with unit tests for sha2-512 and sha2-256 need to verify the iteration count is lower for 512 --- pbkdf2/src/lib.rs | 29 ++--------------------------- pbkdf2/src/params.rs | 32 +------------------------------- pbkdf2/tests/pbkdf2.rs | 30 ++++++++++++++++++++++++++++++ 3 files changed, 33 insertions(+), 58 deletions(-) diff --git a/pbkdf2/src/lib.rs b/pbkdf2/src/lib.rs index c67ef9c2..0aa68677 100644 --- a/pbkdf2/src/lib.rs +++ b/pbkdf2/src/lib.rs @@ -297,12 +297,10 @@ pub struct Pbkdf2 { #[cfg(feature = "sha2")] impl Pbkdf2 { /// PBKDF2 configured with SHA-256 as the default. - pub const SHA256: Self = - Self::new(Algorithm::Pbkdf2Sha256, Params::recommended_for(Algorithm::Pbkdf2Sha256)); + pub const SHA256: Self = Self::new(Algorithm::Pbkdf2Sha256, Params::recommended_for(Algorithm::Pbkdf2Sha256)); /// PBKDF2 configured with SHA-512 as the default. - pub const SHA512: Self = - Self::new(Algorithm::Pbkdf2Sha512, Params::recommended_for(Algorithm::Pbkdf2Sha512)); + pub const SHA512: Self = Self::new(Algorithm::Pbkdf2Sha512, Params::recommended_for(Algorithm::Pbkdf2Sha512)); } #[cfg(feature = "sha2")] @@ -338,29 +336,6 @@ impl From for Pbkdf2 { } } -#[cfg(all(test, feature = "sha2"))] -mod tests { - use super::{Algorithm, Params, Pbkdf2}; - - #[test] - fn recommended_params_follow_algorithm() { - assert_eq!( - Params::recommended_for(Algorithm::Pbkdf2Sha256).rounds(), - Params::RECOMMENDED_ROUNDS - ); - assert_eq!( - Params::recommended_for(Algorithm::Pbkdf2Sha512).rounds(), - Params::RECOMMENDED_SHA512_ROUNDS - ); - } - - #[test] - fn pbkdf2_algorithm_defaults_use_matching_rounds() { - assert_eq!(Pbkdf2::SHA256, Pbkdf2::from(Algorithm::Pbkdf2Sha256)); - assert_eq!(Pbkdf2::SHA512, Pbkdf2::from(Algorithm::Pbkdf2Sha512)); - } -} - #[cfg(feature = "kdf")] impl Kdf for Pbkdf2 { fn derive_key(&self, password: &[u8], salt: &[u8], out: &mut [u8]) -> kdf::Result<()> { diff --git a/pbkdf2/src/params.rs b/pbkdf2/src/params.rs index e46ae22d..0dc3b391 100644 --- a/pbkdf2/src/params.rs +++ b/pbkdf2/src/params.rs @@ -184,37 +184,7 @@ impl TryFrom<&phc::PasswordHash> for Params { return Err(Error::Version); } - let algorithm = Algorithm::try_from(hash.algorithm.as_str())?; - let mut rounds = Self::recommended_for(algorithm).rounds(); - let mut output_len = Self::RECOMMENDED_OUTPUT_LENGTH; - - for (ident, value) in hash.params.iter() { - match ident.as_str() { - "i" => { - rounds = value - .decimal() - .map_err(|_| Error::ParamInvalid { name: "i" })?; - - if rounds < Self::MIN_ROUNDS { - return Err(Error::ParamInvalid { name: "i" }); - } - } - "l" => { - output_len = value - .decimal() - .ok() - .and_then(|dec| dec.try_into().ok()) - .ok_or(Error::ParamInvalid { name: "l" })?; - - if output_len > Self::MAX_OUTPUT_LENGTH { - return Err(Error::ParamInvalid { name: "l" }); - } - } - _ => return Err(Error::ParamsInvalid), - } - } - - let params = Params::new_with_output_len(rounds, output_len)?; + let params = Self::try_from(&hash.params)?; if let Some(hash) = &hash.hash { if hash.len() != params.output_len { diff --git a/pbkdf2/tests/pbkdf2.rs b/pbkdf2/tests/pbkdf2.rs index bd81a2e3..de85bb8f 100644 --- a/pbkdf2/tests/pbkdf2.rs +++ b/pbkdf2/tests/pbkdf2.rs @@ -3,6 +3,7 @@ use belt_hash::BeltHash; use hex_literal::hex; use sha1::Sha1; +use sha2::{Sha256, Sha512}; use streebog::Streebog512; macro_rules! test { @@ -92,3 +93,32 @@ fn pbkdf2_belt() { "3D331BBB B1FBBB40 E4BF22F6 CB9A689E F13A77DC 09ECF932 91BFE424 39A72E7D"; ); } +#[test] +fn pbkdf2_algorithm_defaults_use_matching_rounds_sha_256() { + test!( + Sha256; + b"password", b"salt", 1, "120fb6cffcf8b32c43e7225256c4f837a86548c9"; + b"password", b"salt", 2, "ae4d0c95af6b46d32d0adff928f06dd02a303f8e"; + b"password", b"salt", 4096, "c5e478d59288c841aa530db6845c4c8d962893a0"; + // this test passes, but takes a long time to execute + // b"password", b"salt", 16777216, "eefe3d61cd4da4e4e9945b3d6ba2158c2634e984"; + b"passwordPASSWORDpassword", b"saltSALTsaltSALTsaltSALTsaltSALTsalt", 4096, + "348c89dbcbd32b2f32d814b8116e84cf2b17347e"; + b"pass\0word", b"sa\0lt", 4096, "89b69d0516f829893c696226650a86878c029ac1"; + ); +} + +#[test] +fn pbkdf2_algorithm_defaults_use_matching_rounds_sha_512() { + test!( + Sha512; + b"password", b"salt", 1, "867f70cf1ade02cff3752599a3a53dc4af34c7a6"; + b"password", b"salt", 2, "e1d9c16aa681708a45f5c7c4e215ceb66e011a2e"; + b"password", b"salt", 4096, "d197b1b33db0143e018b12f3d1d1479e6cdebdcc"; + // this test passes, but takes a long time to execute + // b"password", b"salt", 16777216, "eefe3d61cd4da4e4e9945b3d6ba2158c2634e984"; + b"passwordPASSWORDpassword", b"saltSALTsaltSALTsaltSALTsaltSALTsalt", 4096, + "8c0511f4c6e597c6ac6315d8f0362e225f3c5014"; + b"pass\0word", b"sa\0lt", 4096, "9d9e9c4cd21fe4be24d5b8244c759665f39d98fc"; + ); +} From f2b735fe1952dc54c3229c8fffdbbcc2600da19f Mon Sep 17 00:00:00 2001 From: Mike Mulchrone Date: Thu, 19 Mar 2026 20:49:18 -0400 Subject: [PATCH 3/8] extra space :( --- pbkdf2/src/params.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pbkdf2/src/params.rs b/pbkdf2/src/params.rs index 0dc3b391..aaaad12d 100644 --- a/pbkdf2/src/params.rs +++ b/pbkdf2/src/params.rs @@ -184,7 +184,7 @@ impl TryFrom<&phc::PasswordHash> for Params { return Err(Error::Version); } - let params = Self::try_from(&hash.params)?; + let params = Self::try_from(&hash.params)?; if let Some(hash) = &hash.hash { if hash.len() != params.output_len { From bf55c4f60a1d00f9572e5f6d1e647b745844866c Mon Sep 17 00:00:00 2001 From: Mike Mulchrone Date: Thu, 19 Mar 2026 21:35:32 -0400 Subject: [PATCH 4/8] fixing up test suite --- pbkdf2/tests/pbkdf2.rs | 28 ++++++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) diff --git a/pbkdf2/tests/pbkdf2.rs b/pbkdf2/tests/pbkdf2.rs index de85bb8f..aa21d4f2 100644 --- a/pbkdf2/tests/pbkdf2.rs +++ b/pbkdf2/tests/pbkdf2.rs @@ -2,6 +2,11 @@ use belt_hash::BeltHash; use hex_literal::hex; +#[cfg(all(feature = "sha2", feature = "phc"))] +use pbkdf2::{ + Params, Pbkdf2, + password_hash::{PasswordHasher, PasswordVerifier}, +}; use sha1::Sha1; use sha2::{Sha256, Sha512}; use streebog::Streebog512; @@ -16,6 +21,7 @@ macro_rules! test { const N: usize = EXPECTED_HASH.len(); let hash = pbkdf2::pbkdf2_hmac_array::<$hash, N>($password, $salt, $rounds); + let hex = hex::encode(hash); assert_eq!(hash[..], EXPECTED_HASH[..]); })* }; @@ -104,7 +110,7 @@ fn pbkdf2_algorithm_defaults_use_matching_rounds_sha_256() { // b"password", b"salt", 16777216, "eefe3d61cd4da4e4e9945b3d6ba2158c2634e984"; b"passwordPASSWORDpassword", b"saltSALTsaltSALTsaltSALTsaltSALTsalt", 4096, "348c89dbcbd32b2f32d814b8116e84cf2b17347e"; - b"pass\0word", b"sa\0lt", 4096, "89b69d0516f829893c696226650a86878c029ac1"; + b"pass\0word", b"sa\0lt", 600_000, "efc5286bfbd0681c9600b5c024b8ba1b5ae0f0ab"; ); } @@ -119,6 +125,24 @@ fn pbkdf2_algorithm_defaults_use_matching_rounds_sha_512() { // b"password", b"salt", 16777216, "eefe3d61cd4da4e4e9945b3d6ba2158c2634e984"; b"passwordPASSWORDpassword", b"saltSALTsaltSALTsaltSALTsaltSALTsalt", 4096, "8c0511f4c6e597c6ac6315d8f0362e225f3c5014"; - b"pass\0word", b"sa\0lt", 4096, "9d9e9c4cd21fe4be24d5b8244c759665f39d98fc"; + b"pass\0word", b"sa\0lt", 210_000, "4941abc239d618e79f63d3d300e5f81954164bc1"; ); } + +#[test] +#[cfg(all(feature = "sha2", feature = "phc"))] +fn pbkdf2_sha_512_default_interations() { + let hash = Pbkdf2::SHA512 + .hash_password_with_salt(b"pass\0word", b"testsalt") + .unwrap(); + assert_eq!(Params::try_from(&hash).unwrap().rounds(), 210_000); +} + +#[test] +#[cfg(all(feature = "sha2", feature = "phc"))] +fn pbkdf2_sha_256_default_interations() { + let hash = Pbkdf2::SHA256 + .hash_password_with_salt(b"pass\0word", b"testsalt") + .unwrap(); + assert_eq!(Params::try_from(&hash).unwrap().rounds(), 600_000); +} \ No newline at end of file From 58b63e1084ef2aae03163ac7c8949b75390b87b1 Mon Sep 17 00:00:00 2001 From: Mike Mulchrone Date: Thu, 19 Mar 2026 21:51:23 -0400 Subject: [PATCH 5/8] fix typo --- pbkdf2/tests/pbkdf2.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pbkdf2/tests/pbkdf2.rs b/pbkdf2/tests/pbkdf2.rs index aa21d4f2..67def816 100644 --- a/pbkdf2/tests/pbkdf2.rs +++ b/pbkdf2/tests/pbkdf2.rs @@ -131,7 +131,7 @@ fn pbkdf2_algorithm_defaults_use_matching_rounds_sha_512() { #[test] #[cfg(all(feature = "sha2", feature = "phc"))] -fn pbkdf2_sha_512_default_interations() { +fn pbkdf2_sha_512_default_iterations() { let hash = Pbkdf2::SHA512 .hash_password_with_salt(b"pass\0word", b"testsalt") .unwrap(); @@ -140,7 +140,7 @@ fn pbkdf2_sha_512_default_interations() { #[test] #[cfg(all(feature = "sha2", feature = "phc"))] -fn pbkdf2_sha_256_default_interations() { +fn pbkdf2_sha_256_default_iterations() { let hash = Pbkdf2::SHA256 .hash_password_with_salt(b"pass\0word", b"testsalt") .unwrap(); From 5deb1beb35912259382787727fd9a4de59d7d43a Mon Sep 17 00:00:00 2001 From: Mike Mulchrone Date: Thu, 19 Mar 2026 21:54:47 -0400 Subject: [PATCH 6/8] fmt --- pbkdf2/src/lib.rs | 10 ++++++++-- pbkdf2/tests/pbkdf2.rs | 7 +++---- 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/pbkdf2/src/lib.rs b/pbkdf2/src/lib.rs index 0aa68677..ab66d468 100644 --- a/pbkdf2/src/lib.rs +++ b/pbkdf2/src/lib.rs @@ -297,10 +297,16 @@ pub struct Pbkdf2 { #[cfg(feature = "sha2")] impl Pbkdf2 { /// PBKDF2 configured with SHA-256 as the default. - pub const SHA256: Self = Self::new(Algorithm::Pbkdf2Sha256, Params::recommended_for(Algorithm::Pbkdf2Sha256)); + pub const SHA256: Self = Self::new( + Algorithm::Pbkdf2Sha256, + Params::recommended_for(Algorithm::Pbkdf2Sha256), + ); /// PBKDF2 configured with SHA-512 as the default. - pub const SHA512: Self = Self::new(Algorithm::Pbkdf2Sha512, Params::recommended_for(Algorithm::Pbkdf2Sha512)); + pub const SHA512: Self = Self::new( + Algorithm::Pbkdf2Sha512, + Params::recommended_for(Algorithm::Pbkdf2Sha512), + ); } #[cfg(feature = "sha2")] diff --git a/pbkdf2/tests/pbkdf2.rs b/pbkdf2/tests/pbkdf2.rs index 67def816..df971a13 100644 --- a/pbkdf2/tests/pbkdf2.rs +++ b/pbkdf2/tests/pbkdf2.rs @@ -21,7 +21,6 @@ macro_rules! test { const N: usize = EXPECTED_HASH.len(); let hash = pbkdf2::pbkdf2_hmac_array::<$hash, N>($password, $salt, $rounds); - let hex = hex::encode(hash); assert_eq!(hash[..], EXPECTED_HASH[..]); })* }; @@ -101,7 +100,7 @@ fn pbkdf2_belt() { } #[test] fn pbkdf2_algorithm_defaults_use_matching_rounds_sha_256() { - test!( + test!( Sha256; b"password", b"salt", 1, "120fb6cffcf8b32c43e7225256c4f837a86548c9"; b"password", b"salt", 2, "ae4d0c95af6b46d32d0adff928f06dd02a303f8e"; @@ -116,7 +115,7 @@ fn pbkdf2_algorithm_defaults_use_matching_rounds_sha_256() { #[test] fn pbkdf2_algorithm_defaults_use_matching_rounds_sha_512() { - test!( + test!( Sha512; b"password", b"salt", 1, "867f70cf1ade02cff3752599a3a53dc4af34c7a6"; b"password", b"salt", 2, "e1d9c16aa681708a45f5c7c4e215ceb66e011a2e"; @@ -145,4 +144,4 @@ fn pbkdf2_sha_256_default_iterations() { .hash_password_with_salt(b"pass\0word", b"testsalt") .unwrap(); assert_eq!(Params::try_from(&hash).unwrap().rounds(), 600_000); -} \ No newline at end of file +} From 75177cf31f2372254d911b13b22362cfd9a7f323 Mon Sep 17 00:00:00 2001 From: Mike Mulchrone Date: Thu, 19 Mar 2026 21:57:17 -0400 Subject: [PATCH 7/8] clippy --- pbkdf2/tests/pbkdf2.rs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pbkdf2/tests/pbkdf2.rs b/pbkdf2/tests/pbkdf2.rs index df971a13..7017bc35 100644 --- a/pbkdf2/tests/pbkdf2.rs +++ b/pbkdf2/tests/pbkdf2.rs @@ -5,7 +5,7 @@ use hex_literal::hex; #[cfg(all(feature = "sha2", feature = "phc"))] use pbkdf2::{ Params, Pbkdf2, - password_hash::{PasswordHasher, PasswordVerifier}, + password_hash::{PasswordHasher}, phc::PasswordHash, }; use sha1::Sha1; use sha2::{Sha256, Sha512}; @@ -131,7 +131,7 @@ fn pbkdf2_algorithm_defaults_use_matching_rounds_sha_512() { #[test] #[cfg(all(feature = "sha2", feature = "phc"))] fn pbkdf2_sha_512_default_iterations() { - let hash = Pbkdf2::SHA512 + let hash: PasswordHash = Pbkdf2::SHA512 .hash_password_with_salt(b"pass\0word", b"testsalt") .unwrap(); assert_eq!(Params::try_from(&hash).unwrap().rounds(), 210_000); @@ -140,7 +140,7 @@ fn pbkdf2_sha_512_default_iterations() { #[test] #[cfg(all(feature = "sha2", feature = "phc"))] fn pbkdf2_sha_256_default_iterations() { - let hash = Pbkdf2::SHA256 + let hash: PasswordHash = Pbkdf2::SHA256 .hash_password_with_salt(b"pass\0word", b"testsalt") .unwrap(); assert_eq!(Params::try_from(&hash).unwrap().rounds(), 600_000); From de610455526898f21eb204c9bd9af846600c1249 Mon Sep 17 00:00:00 2001 From: Mike Mulchrone Date: Thu, 19 Mar 2026 21:59:05 -0400 Subject: [PATCH 8/8] fmt --- pbkdf2/tests/pbkdf2.rs | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/pbkdf2/tests/pbkdf2.rs b/pbkdf2/tests/pbkdf2.rs index 7017bc35..4f57005f 100644 --- a/pbkdf2/tests/pbkdf2.rs +++ b/pbkdf2/tests/pbkdf2.rs @@ -3,10 +3,7 @@ use belt_hash::BeltHash; use hex_literal::hex; #[cfg(all(feature = "sha2", feature = "phc"))] -use pbkdf2::{ - Params, Pbkdf2, - password_hash::{PasswordHasher}, phc::PasswordHash, -}; +use pbkdf2::{Params, Pbkdf2, password_hash::PasswordHasher, phc::PasswordHash}; use sha1::Sha1; use sha2::{Sha256, Sha512}; use streebog::Streebog512;