Adds recipe for salt and hash a password using ring crate

[j-haj]

Adds recipe for #288

• Slightly changes the wording on the example (explicitly mentioning PBKDF2)
• Uses PBKDF2 key derivation function
• Verifies password with hash

cc #213

fixes #288

[budziq]

@j-haj That is an excellent example!
Just some minor stylistic suggestions below and we are ready to merge!

• also please run rustfmt on the example.

[budziq]

@j-haj That is an excellent example!
Just some minor stylistic suggestions below and we are ready to merge!

• also please run rustfmt on the example.

[budziq]

salt generation is a crucial step that can be easily missed in this example. I would suggest adding comment above // Generate salt and mention it ind the textual description above (with links to fill)

[j-haj]

Excellent point! I updated the discussion and modified the code organization to make the salt generation stand out

[budziq]

I would just use &digest::SHA512 directly everywhere. I feel Its less noisy and easier to understand that way.

[j-haj]

Agreed -- good suggestion

[budziq]

hmm the data_encoding crate is actually besides the point of the example but we might still add it to the crate list. I'll leave the decision up to you.

[j-haj]

Added

[budziq]

I would put the rng initiation below the consts declarations

[j-haj]

Done

[budziq]

lets also printout the salt here

[budziq]

it might be easier to spot if we use value other than variable name. how about something based on https://xkcd.com/936/ ;)

[j-haj]

Updated! If only I was as witty as xkcd...

[budziq]

How about we provide two separate calls to verify one with correct password and second one with bogus one each succeeded by call to assert!(hash_verification.is_ok()); instead of the match and println!?

I'm not sure what would be nicer here. So I'll let you decide.

[j-haj]

I added the asserts, however on the failing assert I do assert!(!should_fail.is_ok()); so we don't have to worry about a failing assert. I have encountered differing opinions on this approach, so I am happy to remove the negation if you prefer!

[j-haj]

Excellent feedback as always. Just want to run everything through rustfmt and I'll update the PR.

[j-haj]

One other thing I wanted to run by you was the formatting on some of the function calls to derive/verify. Rustfmt reformatted two of them into the argument column formatting seen in the example (for consistency I added the third). I like this formatting but it makes the example a bit longer in terms of line count. I'm happy to flatten things out if you prefer!

[budziq]

Thanks @j-haj ! That is very fine work!