bad-antics/PasswordHashing.jl

PasswordHashing.jl

Unified password hashing library for Julia implementing bcrypt, scrypt, and Argon2id with a consistent, secure-by-default API.

All implementations are pure Julia — no external C dependencies required.

Features

  • bcrypt — Blowfish-based password hashing ($2b$ format, cost 4–31)
  • scrypt — Memory-hard key derivation (RFC 7914)
  • Argon2id — Hybrid memory-hard function (PHC winner)
  • Unified API — hashpw() / checkpw() for all algorithms
  • Constant-time comparison — Timing attack resistant
  • Self-describing hashes — Algorithm & parameters embedded in output

Installation

using Pkg
Pkg.add("PasswordHashing")

Quick Start

using PasswordHashing

# Hash a password (bcrypt by default, cost=12)
hash = hashpw("my-secret-password")

# Verify
checkpw("my-secret-password", hash)   # => true
checkpw("wrong-password", hash)       # => false

Algorithm Selection

# bcrypt (default) — good general-purpose choice
hash = hashpw("password", :bcrypt; cost=12)
# => "$2b$12$..."

# scrypt — memory-hard, good against GPU attacks
hash = hashpw("password", :scrypt; N=2^15, r=8, p=1)
# => "$scrypt$ln=15,r=8,p=1$..."

# Argon2id — state-of-the-art, PHC competition winner
hash = hashpw("password", :argon2id; time_cost=3, memory_cost=65536, parallelism=1)
# => "$argon2id$v=19$m=65536,t=3,p=1$..."

API Reference

hashpw(password, algorithm; kwargs...) -> String

Hash a password and return a formatted hash string.

| Algorithm | Parameter | Default | Description |
|---|---|---|---|
| :bcrypt | cost | 12 | CPU cost (2^cost iterations) |
| :scrypt | N | 16384 | CPU/memory cost (power of 2) |
| :scrypt | r | 8 | Block size |
| :scrypt | p | 1 | Parallelism |
| :argon2id | time_cost | 3 | Number of iterations |
| :argon2id | memory_cost | 65536 | Memory in KiB |
| :argon2id | parallelism | 1 | Thread count |

checkpw(password, hash) -> Bool

Verify a password against a stored hash. Automatically detects the algorithm.

generate_salt(n=16) -> Vector{UInt8}

Generate cryptographically random salt bytes.

Security Notes

  • Constant-time comparison prevents timing side-channel attacks
  • Automatic salt generation using RandomDevice() (OS CSPRNG)
  • bcrypt truncates passwords at 72 bytes per specification
  • Hash strings are self-describing — safe to store and verify without tracking parameters
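
Because the algorithm and parameters are embedded in each hash string, stored hashes can be audited for weak settings without knowing any password. The block below is an added example, not code from PasswordHashing.jl: it parses the three prefixes shown under Algorithm Selection and flags hashes below an assumed policy (this README's defaults). `POLICY`, `parse_kv`, `hash_params` and `needs_rehash` are hypothetical names, the sample strings are constructed, and only the fields visible in the README's examples are relied on.

```julia
# Assumed policy: the defaults listed in the API Reference (scrypt N=16384 is ln=14).
const POLICY = (bcrypt_cost = 12, scrypt_ln = 14, scrypt_r = 8,
                argon2_m = 65536, argon2_t = 3)

# "m=65536,t=3,p=1" -> Dict("m" => 65536, "t" => 3, "p" => 1)
function parse_kv(s::AbstractString)
    out = Dict{String,Int}()
    for item in split(s, ',')
        kv = split(item, '='; limit=2)
        length(kv) == 2 || throw(ArgumentError("malformed parameter: $item"))
        out[String(kv[1])] = parse(Int, kv[2])
    end
    return out
end

# Returns (algorithm, params) for the three formats shown in this README.
function hash_params(h::AbstractString)
    f = split(h, '$')                 # the leading '$' yields an empty first field
    (length(f) >= 4 && isempty(f[1])) || throw(ArgumentError("not a hash string"))
    if f[2] == "2b"
        return :bcrypt, Dict("cost" => parse(Int, f[3]))
    elseif f[2] == "scrypt"
        return :scrypt, parse_kv(f[3])
    elseif f[2] == "argon2id"
        length(f) >= 5 || throw(ArgumentError("truncated argon2id hash"))
        return :argon2id, parse_kv(f[4])   # f[3] is the "v=19" version field
    end
    throw(ArgumentError("unknown algorithm tag: $(f[2])"))
end

# true when the stored hash is weaker than POLICY and should be re-hashed
# the next time the user logs in with the correct password.
function needs_rehash(h::AbstractString)
    alg, p = hash_params(h)
    alg == :bcrypt && return p["cost"] < POLICY.bcrypt_cost
    alg == :scrypt && return (p["ln"] < POLICY.scrypt_ln || p["r"] < POLICY.scrypt_r)
    return (p["m"] < POLICY.argon2_m || p["t"] < POLICY.argon2_t)
end

# Constructed samples: salt and digest are placeholders, only the prefix matters.
samples = ["\$2b\$10\$SALTANDDIGEST",
           "\$2b\$12\$SALTANDDIGEST",
           "\$scrypt\$ln=15,r=8,p=1\$SALT\$DIGEST",
           "\$argon2id\$v=19\$m=19456,t=2,p=1\$SALT\$DIGEST"]
for h in samples
    println(rpad(first(h, 34), 36), needs_rehash(h) ? "rehash" : "ok")
end
```

A hash flagged here can only be upgraded after a successful checkpw(), since that is the one moment the plaintext password is available to pass to hashpw() again.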

Internals

| Component | Description |
|---|---|
| Blowfish | Full cipher with P-array and 4 S-boxes |
| PBKDF2-SHA256 | Used by scrypt and Argon2id |
| HMAC-SHA256 | PRF for PBKDF2 |
| Salsa20/8 | Core mixing function for scrypt |
| bcrypt Base64 | Custom alphabet (./A-Za-z0-9) |

License

MIT
