crypt

One-way string hashing for salted passwords using the Unix crypt format.

This package implements the SHA-256 crypt hash as specified by "Unix crypt using SHA-256 and SHA-512" (version: 0.4 2008-04-03).

Crypt format strings

It can produce crypt formatted string like:

$5$xYWYo0raYwLSchAd$na8cL1H.ESWtof6DNwraE6p8WI9DYObZ3irMe01Guk6

and

$5$rounds=10000$saltstringsaltst$3xv.VbSHBb41AL9AvLeujZkZRBAwqFMz2.opqey6IcA

Where the leading "$5$" indicates this is a SHA-256 crypt, and is followed a number of fields separated by the dollar sign: a optional the number of rounds, the salt and the hash value. When SHA-256 is being used, the default number of rounds is 5000 (as defined by the specification).

Note: different systems use the crypt formatted string differently. For example, as the value of the userPassword attribute in an LDAP posixAccount entry, "{crypt}" needs to be prepended to it.

Usage

import 'package:crypt/crypt.dart';

main() {
  var c1 = new Crypt.sha256("p@ssw0rd"); // default rounds, random salt
  var c2 = new Crypt.sha256("p@ssw0rd", rounds: 10000); // random salt
  var c3 = new Crypt.sha256("p@ssw0rd", salt: "abcdefghijklmnop");//default rounds
  var c4 = new Crypt.sha256("p@ssw0rd", rounds: 10000, salt:"abcdefghijklmnop");

  print(c1.toString());
  print(c2.toString());
  print(c3.toString());
  print(c4.toString());

  var suppliedValue = "p@ssw0rd";
  if (c1.match(suppliedValue)) {
    print("Correct value match");
  } else {
    print("Error: unexpected non-match: $suppliedValue");
  }

  suppliedValue = "123456";
  if (c1.match(suppliedValue)) {
    print("Error: unexpected match: $suppliedValue");
  } else {
    print("Incorrect value does not match");
  }
}

The above example produced this output:

$5$Uyh9BFrJI2eRkEch$3pgBGIfwTS/Twk1hI7o9Ev5c2cnBRtkwKEutg6.SLL9
$5$rounds=10000$BRDqRDZxbDdvQSwP$74NE3FVcM79SNlzG.qmlM3xf6IIsdi8Qt8WJwVN60h8
$5$abcdefghijklmnop$gUWLu9sDI2Qvs112Xb8jmgD3ySIRE5ek63jk6ybSs7D
$5$rounds=10000$abcdefghijklmnop$51muKIziT9VAyDZ2ZueAYvAwgIYx0cLxUCIAlPoWaHD
Correct value match
Incorrect value does not match

Create a crypt from a value using the [sha256] constructor, or by parsing a crypt formatted string using the default constructor.

Obtain the crypt formatted string by using the [toString] method.

Test if a value's hash matches using the [match] method.

Features and bugs

Currently only SHA-256 crypt hashes are supported. This package uses the crypto package for the cryptographic algorithms, which does not yet support DES or SHA-512. So those types of crypt hashes are not supported.

Salt generation does not use a cryptographically secure random number generator. If this is a concern, pass in a randomly generated salt value that you want to use.

Please file feature requests and bugs at the GitHub issue tracker.

Changelog

1.0.7

Added hashCode property.
Fixed dartanalyzer warnings.

1.0.6

Updated the upper bound of the SDK constraint to <3.0.0.

1.0.5

Code made sound to support Dart strong mode.

1.0.4

Updated dependency to allow usage of crypto verson 2.0.2.

1.0.3

Make compatible with Angular 2 version 3.1.

1.0.2

Fixed parsing bug.

1.0.1

Co-exist with other packages that depend on version 0.x.x of crypto.

1.0.0

Match method and equality operator added.
Changed to represent the crypt as an object with a toString method.

0.0.1

Initial release.

example/crypt.dart

// Copyright (c) 2015, 2016, 2017, Hoylen Sue. All rights reserved. Use of this source code
// is governed by a BSD-style license that can be found in the LICENSE file.

library crypt.example;

import 'package:crypt/crypt.dart';

void main() {
  final c1 = new Crypt.sha256("p@ssw0rd"); // default rounds, random salt
  final c2 = new Crypt.sha256("p@ssw0rd", rounds: 10000); // random salt
  final c3 =
      new Crypt.sha256("p@ssw0rd", salt: "abcdefghijklmnop"); // default rounds
  final c4 =
      new Crypt.sha256("p@ssw0rd", rounds: 10000, salt: "abcdefghijklmnop");

  print(c1.toString());
  print(c2.toString());
  print(c3.toString());
  print(c4.toString());

  var suppliedValue = "p@ssw0rd";
  if (c1.match(suppliedValue)) {
    print("Correct value match");
  } else {
    print("Error: unexpected non-match: $suppliedValue");
  }

  suppliedValue = "123456";
  if (c1.match(suppliedValue)) {
    print("Error: unexpected match: $suppliedValue");
  } else {
    print("Incorrect value does not match");
  }
}

Use this package as a library

1. Depend on it

Add this to your package's pubspec.yaml file:


dependencies:
  crypt: ^1.0.7

2. Install it

You can install packages from the command line:

with pub:


$ pub get

with Flutter:


$ flutter packages get

Alternatively, your editor might support pub get or flutter packages get. Check the docs for your editor to learn more.

3. Import it

Now in your Dart code, you can use:


import 'package:crypt/crypt.dart';

Version	Uploaded	Documentation	Archive
1.0.7	Aug 10, 2018
1.0.6	Aug 7, 2018
1.0.5	Dec 17, 2017
1.0.4	Jul 28, 2017
1.0.3	Jun 2, 2017
1.0.2	Apr 12, 2016
1.0.1	Apr 12, 2016
1.0.0	Apr 12, 2016
0.0.1	Apr 11, 2015

Popularity: Describes how popular the package is relative to other packages. [more]	67
Health: Code health derived from static analysis. [more]	100
Maintenance: Reflects how tidy and up-to-date the package is. [more]	100
Overall: Weighted score of the above. [more]	83

Learn more about scoring.

We analyzed this package on Dec 5, 2018, and provided a score, details, and suggestions below. Analysis was completed with status completed using:

Dart: 2.1.0
pana: 0.12.7

Platforms

Detected platforms: Flutter, web, other

No platform restriction found in primary library package:crypt/crypt.dart.

Dependencies

Package	Constraint	Resolved
Direct dependencies
Dart SDK	>=1.13.0 <3.0.0
crypto	>=0.9.0 <3.0.0	2.0.6
Transitive dependencies
charcode		1.1.2
collection		1.14.11
convert		2.0.2
typed_data		1.1.6
Dev dependencies
test	>=0.12.10 <1.4.0

Dart pub

crypt 1.0.7