Bump password-hash to v0.6.0-rc.2

.github/workflows/pbkdf2.yml

@@ -35,13 +35,12 @@ jobs:
           toolchain: ${{ matrix.rust }}
           targets: ${{ matrix.target }}
       - run: cargo build --target ${{ matrix.target }} --no-default-features
-      - run: cargo build --target ${{ matrix.target }} --no-default-features --features simple
 
   minimal-versions:
     if: false # disabled while using pre-releases
     uses: RustCrypto/actions/.github/workflows/minimal-versions.yml@master
     with:
-        working-directory: ${{ github.workflow }}
+      working-directory: ${{ github.workflow }}
 
   test:
     runs-on: ubuntu-latest

.gitignore

@@ -1,4 +1,3 @@
 /target/
-/.readme/target/
-/benches/target/
+**/target/
 **/Cargo.lock

Cargo.toml

@@ -15,3 +15,7 @@ exclude = ["benches", "fuzz"]
 
 [profile.dev]
 opt-level = 2
+
+[patch.crates-io.blake2]
+git = "https://github.com/RustCrypto/hashes"
+branch = "blake2/restore-blake-var"

argon2/Cargo.toml

@@ -35,8 +35,9 @@ password-hash = { version = "0.6.0-rc.1", features = ["rand_core"] }
 [features]
 default = ["alloc", "password-hash", "rand"]
 alloc = ["password-hash?/alloc"]
-std = ["alloc", "password-hash?/os_rng", "base64ct/std"]
+std = ["alloc", "base64ct/std"]
 
+getrandom = ["simple", "password-hash/getrandom"]
 parallel = ["dep:rayon"]
 rand = ["password-hash?/rand_core"]
 simple = ["password-hash"]

argon2/src/blake2b_long.rs

@@ -4,7 +4,7 @@ use crate::{Error, Result};
 
 use blake2::{
     Blake2b512, Blake2bVar,
-    digest::{self, Digest, VariableOutput},
+    digest::{self, Digest},
 };
 
 use core::convert::TryFrom;

argon2/src/lib.rs

@@ -39,16 +39,12 @@
 )]
 //! # fn main() -> Result<(), Box<dyn std::error::Error>> {
 //! use argon2::{
-//!     password_hash::{
-//!         // `OsRng` requires enabled `std` crate feature
-//!         rand_core::OsRng,
-//!         PasswordHash, PasswordHasher, PasswordVerifier, SaltString
-//!     },
+//!     password_hash::{PasswordHash, PasswordHasher, PasswordVerifier, SaltString},
 //!     Argon2
 //! };
 //!
 //! let password = b"hunter42"; // Bad password; don't actually use!
-//! let salt = SaltString::try_from_rng(&mut OsRng).unwrap();
+//! let salt = SaltString::generate(); // Note: needs the `getrandom` feature of `argon2` enabled
 //!
 //! // Argon2 with default params (Argon2id v19)
 //! let argon2 = Argon2::default();
@@ -77,16 +73,12 @@
 )]
 //! # fn main() -> Result<(), Box<dyn std::error::Error>> {
 //! use argon2::{
-//!     password_hash::{
-//!         // `OsRng` requires enabled `std` crate feature
-//!         rand_core::OsRng,
-//!         PasswordHash, PasswordHasher, PasswordVerifier, SaltString
-//!     },
+//!     password_hash::{PasswordHash, PasswordHasher, PasswordVerifier, SaltString },
 //!     Algorithm, Argon2, Params, Version
 //! };
 //!
 //! let password = b"hunter42"; // Bad password; don't actually use!
-//! let salt = SaltString::try_from_rng(&mut OsRng).unwrap();
+//! let salt = SaltString::generate(); // Note: needs the `getrandom` feature of `argon2` enabled
 //!
 //! // Argon2 with default params (Argon2id v19) and pepper
 //! let argon2 = Argon2::new_with_secret(

balloon-hash/Cargo.toml

@@ -14,25 +14,27 @@ edition = "2024"
 rust-version = "1.85"
 
 [dependencies]
-digest = { version = "0.11.0-rc.1", default-features = false }
-crypto-bigint = { version = "0.7.0-rc.4", default-features = false, features = ["hybrid-array"] }
-rand_core = { version = "0.9", default-features = false }
+digest = { version = "0.11.0-rc.4", default-features = false }
+crypto-bigint = { version = "0.7.0-rc.9", default-features = false, features = ["hybrid-array"] }
+rand_core = { version = "0.10.0-rc-2", default-features = false }
 
 # optional dependencies
-password-hash = { version = "0.6.0-rc.0", default-features = false, optional = true }
+password-hash = { version = "0.6.0-rc.2", default-features = false, optional = true }
 rayon = { version = "1.7", optional = true }
 zeroize = { version = "1", default-features = false, optional = true }
 
 [dev-dependencies]
 hex-literal = "1"
-sha2 = "0.11.0-rc.2"
+sha2 = "0.11.0-rc.3"
 
 [features]
 default = ["alloc", "password-hash", "rand"]
 alloc = ["password-hash/alloc"]
+std = ["alloc", "getrandom"]
+
+getrandom = ["password-hash/getrandom"]
 parallel = ["rayon", "std"]
 rand = ["password-hash/rand_core"]
-std = ["alloc", "password-hash/os_rng", "rand_core/std"]
 zeroize = ["dep:zeroize"]
 
 [package.metadata.docs.rs]

balloon-hash/src/lib.rs

@@ -28,21 +28,17 @@
 //!
 //! The following example demonstrates the high-level password hashing API:
 //!
-//! ```
+#![cfg_attr(feature = "getrandom", doc = "```")]
+#![cfg_attr(not(feature = "getrandom"), doc = "```ignore")]
 //! # fn main() -> Result<(), Box<dyn std::error::Error>> {
-//! # #[cfg(all(feature = "password-hash", feature = "std"))]
-//! # {
 //! use balloon_hash::{
-//!     password_hash::{
-//!         rand_core::OsRng,
-//!         PasswordHash, PasswordHasher, PasswordVerifier, SaltString
-//!     },
+//!     password_hash::{PasswordHash, PasswordHasher, PasswordVerifier, SaltString},
 //!     Balloon
 //! };
 //! use sha2::Sha256;
 //!
 //! let password = b"hunter42"; // Bad password; don't actually use!
-//! let salt = SaltString::try_from_rng(&mut OsRng)?;
+//! let salt = SaltString::generate(); // Note: needs the `getrandom` feature of `balloon-hash` enabled
 //!
 //! // Balloon with default params
 //! let balloon = Balloon::<Sha256>::default();
@@ -53,7 +49,6 @@
 //! // Verify password against PHC string
 //! let parsed_hash = PasswordHash::new(&password_hash)?;
 //! assert!(balloon.verify_password(password, &parsed_hash).is_ok());
-//! # }
 //! # Ok(())
 //! # }
 //! ```

bcrypt-pbkdf/Cargo.toml

@@ -14,9 +14,11 @@ edition = "2024"
 rust-version = "1.85"
 
 [dependencies]
-blowfish = { version = "0.10.0-rc.1", features = ["bcrypt"] }
+blowfish = { version = "0.10.0-rc.2", features = ["bcrypt"] }
 pbkdf2 = { version = "0.13.0-rc.1", default-features = false, path = "../pbkdf2" }
-sha2 = { version = "0.11.0-rc.2", default-features = false }
+sha2 = { version = "0.11.0-rc.3", default-features = false }
+
+# optional features
 zeroize = { version = "1", default-features = false, optional = true }
 
 [dev-dependencies]

password-auth/Cargo.toml

@@ -17,14 +17,13 @@ edition = "2024"
 rust-version = "1.85"
 
 [dependencies]
-password-hash = { version = "0.6.0-rc.0", features = ["alloc", "rand_core"] }
-rand_core = { version = "0.9", features = ["os_rng"] }
+getrandom = { version = "0.3", default-features = false }
+password-hash = { version = "0.6.0-rc.2", features = ["alloc", "getrandom"] }
 
 # optional dependencies
 argon2 = { version = "0.6.0-rc.0", optional = true, default-features = false, features = ["alloc", "simple"], path = "../argon2" }
 pbkdf2 = { version = "0.13.0-rc.0", optional = true, default-features = false, features = ["simple"], path = "../pbkdf2" }
 scrypt = { version = "0.12.0-rc.0", optional = true, default-features = false, features = ["simple"], path = "../scrypt" }
-getrandom = { version = "0.3", optional = true, default-features = false }
 
 [features]
 default = ["argon2", "std"]

password-auth/src/lib.rs

@@ -27,7 +27,6 @@ pub use crate::errors::{ParseError, VerifyError};
 
 use alloc::string::{String, ToString};
 use password_hash::{ParamsString, PasswordHash, PasswordHasher, PasswordVerifier, SaltString};
-use rand_core::OsRng;
 
 #[cfg(not(any(feature = "argon2", feature = "pbkdf2", feature = "scrypt")))]
 compile_error!(
@@ -46,7 +45,7 @@ use scrypt::Scrypt;
 /// Uses the best available password hashing algorithm given the enabled
 /// crate features (typically Argon2 unless explicitly disabled).
 pub fn generate_hash(password: impl AsRef<[u8]>) -> String {
-    let salt = SaltString::try_from_rng(&mut OsRng).expect("Rng error");
+    let salt = SaltString::generate();
     generate_phc_hash(password.as_ref(), &salt)
         .map(|hash| hash.to_string())
         .expect("password hashing error")