Fix password truncation, update docs and bump version

ohsayan · Feb 25, 2022 · 804e0f9 · 804e0f9
1 parent 5849066
commit 804e0f9
Show file tree

Hide file tree

Showing 4 changed files with 25 additions and 3 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "rcrypt"
-version = "0.4.0-alpha.1"
+version = "0.4.0"
 edition = "2021"
 authors = ["Sayan Nandan <[email protected]>"]
 license = "Apache-2.0"

diff --git a/README.md b/README.md
@@ -22,6 +22,18 @@ assert!(rcrypt::verify(&mypass, &hash).unwrap());
 
 The usage remains just the same for users who use the [bcrypt](https://crates.io/crates/bcrypt) crate, except that the `hash` method returns a `Vec<u8>` instead of a `String`, while for the `verify` method you need to pass a `&[u8]` for the hash.
 
+## Getting back your bcrypt hash
+
+If for some reason you need a `String` with the bcrypt hash from your rcrypt hash, you can do that too!
+Here's the procedure:
+
+```rust
+use rcrypt::DEFAULT_COST;
+let rhash = rcrypt::hash("mypassword", DEFAULT_COST).unwrap();
+// now let's get the bcrypt hash from the rcrypt hash
+let bhash = rcrypt::bmcf::decode_into_mcf(&rhash).unwrap();
+```
+
 ## How it works
 
 The smaller hash sizes result by `rcrypt` producing binary hashes and merging hash fields, in accordance

diff --git a/src/algorithms.rs b/src/algorithms.rs
@@ -156,12 +156,12 @@ fn rcrypt_genhash(password: &[u8], cost: u32, salt: &[u8]) -> RcryptResult<Diges
     // truncate the password if > 72 to 71, because we need to also add the NULL terminator
     // due to a bug with C bcrypt impls (see: https://go-review.googlesource.com/c/crypto/+/177818)
     let trunc_password = if password.len() > 72 {
-        &password[..71]
+        &password[..72]
     } else {
         &password
     };
     // generate the null terminated password
-    let mut null_terminated_password = Vec::with_capacity(password.len() + 1);
+    let mut null_terminated_password = Vec::with_capacity(trunc_password.len() + 1);
     null_terminated_password.extend(trunc_password);
     null_terminated_password.push(0);
     // this is the output digest

diff --git a/src/lib.rs b/src/lib.rs
@@ -40,6 +40,16 @@
 //!
 //! The rest remains unchanged.
 //!
+//! ## Getting back your bcrypt hash
+//!
+//! If for some reason you need a [`String`] with the bcrypt hash, you can do that too!
+//! Here's the procedure:
+//! ```
+//! use rcrypt::DEFAULT_COST;
+//! let rhash = rcrypt::hash("mypassword", DEFAULT_COST).unwrap();
+//! // now let's get the bcrypt hash from the rcrypt hash
+//! let bhash = rcrypt::bmcf::decode_into_mcf(&rhash).unwrap();
+//! ```
 
 /// The default hash cost
 pub const DEFAULT_COST: u32 = 12;