One-way string hashing for salted passwords using the Unix crypt format.
This package implements the SHA-256 crypt hash as specified by "Unix crypt using SHA-256 and SHA-512" (version: 0.4 2008-04-03).
It can produce crypt formatted string like:
$5$xYWYo0raYwLSchAd$na8cL1H.ESWtof6DNwraE6p8WI9DYObZ3irMe01Guk6
and
$5$rounds=10000$saltstringsaltst$3xv.VbSHBb41AL9AvLeujZkZRBAwqFMz2.opqey6IcA
Where the leading "$5$" indicates this is a SHA-256 crypt, and is followed a number of fields separated by the dollar sign: a optional the number of rounds, the salt and the hash value. When SHA-256 is being used, the default number of rounds is 5000 (as defined by the specification).
Note: different systems use the crypt formatted string
differently. For example, as the value of the userPassword
attribute in an LDAP posixAccount entry, "{crypt}" needs to be
prepended to it.
import 'package:crypt/crypt.dart';
main() {
var c1 = new Crypt.sha256("p@ssw0rd"); // default rounds, random salt
var c2 = new Crypt.sha256("p@ssw0rd", rounds: 10000); // random salt
var c3 = new Crypt.sha256("p@ssw0rd", salt: "abcdefghijklmnop");//default rounds
var c4 = new Crypt.sha256("p@ssw0rd", rounds: 10000, salt:"abcdefghijklmnop");
print(c1.toString());
print(c2.toString());
print(c3.toString());
print(c4.toString());
var suppliedValue = "p@ssw0rd";
if (c1.match(suppliedValue)) {
print("Correct value match");
} else {
print("Error: unexpected non-match: $suppliedValue");
}
suppliedValue = "123456";
if (c1.match(suppliedValue)) {
print("Error: unexpected match: $suppliedValue");
} else {
print("Incorrect value does not match");
}
}
The above example produced this output:
$5$Uyh9BFrJI2eRkEch$3pgBGIfwTS/Twk1hI7o9Ev5c2cnBRtkwKEutg6.SLL9
$5$rounds=10000$BRDqRDZxbDdvQSwP$74NE3FVcM79SNlzG.qmlM3xf6IIsdi8Qt8WJwVN60h8
$5$abcdefghijklmnop$gUWLu9sDI2Qvs112Xb8jmgD3ySIRE5ek63jk6ybSs7D
$5$rounds=10000$abcdefghijklmnop$51muKIziT9VAyDZ2ZueAYvAwgIYx0cLxUCIAlPoWaHD
Correct value match
Incorrect value does not match
Create a crypt from a value using the [sha256] constructor, or by parsing a crypt formatted string using the default constructor.
Obtain the crypt formatted string by using the [toString] method.
Test if a value's hash matches using the [match] method.
Currently only SHA-256 crypt hashes are supported. This package uses the crypto package for the cryptographic algorithms, which does not yet support DES or SHA-512. So those types of crypt hashes are not supported.
Salt generation does not use a cryptographically secure random number generator. If this is a concern, pass in a randomly generated salt value that you want to use.
Please file feature requests and bugs at the GitHub issue tracker.
example/crypt.dart
// Copyright (c) 2015, 2016, 2017, Hoylen Sue. All rights reserved. Use of this source code
// is governed by a BSD-style license that can be found in the LICENSE file.
library crypt.example;
import 'package:crypt/crypt.dart';
void main() {
final c1 = new Crypt.sha256("p@ssw0rd"); // default rounds, random salt
final c2 = new Crypt.sha256("p@ssw0rd", rounds: 10000); // random salt
final c3 =
new Crypt.sha256("p@ssw0rd", salt: "abcdefghijklmnop"); // default rounds
final c4 =
new Crypt.sha256("p@ssw0rd", rounds: 10000, salt: "abcdefghijklmnop");
print(c1.toString());
print(c2.toString());
print(c3.toString());
print(c4.toString());
var suppliedValue = "p@ssw0rd";
if (c1.match(suppliedValue)) {
print("Correct value match");
} else {
print("Error: unexpected non-match: $suppliedValue");
}
suppliedValue = "123456";
if (c1.match(suppliedValue)) {
print("Error: unexpected match: $suppliedValue");
} else {
print("Incorrect value does not match");
}
}
Add this to your package's pubspec.yaml file:
dependencies:
crypt: ^1.0.7
You can install packages from the command line:
with pub:
$ pub get
with Flutter:
$ flutter packages get
Alternatively, your editor might support pub get
or flutter packages get
.
Check the docs for your editor to learn more.
Now in your Dart code, you can use:
import 'package:crypt/crypt.dart';
Version | Uploaded | Documentation | Archive |
---|---|---|---|
1.0.7 | Aug 10, 2018 |
|
|
1.0.6 | Aug 7, 2018 |
|
|
1.0.5 | Dec 17, 2017 |
|
|
1.0.4 | Jul 28, 2017 |
|
|
1.0.3 | Jun 2, 2017 |
|
|
1.0.2 | Apr 12, 2016 |
|
|
1.0.1 | Apr 12, 2016 |
|
|
1.0.0 | Apr 12, 2016 |
|
|
0.0.1 | Apr 11, 2015 |
|
|
Popularity:
Describes how popular the package is relative to other packages.
[more]
|
70
|
Health:
Code health derived from static analysis.
[more]
|
100
|
Maintenance:
Reflects how tidy and up-to-date the package is.
[more]
|
100
|
Overall:
Weighted score of the above.
[more]
|
85
|
We analyzed this package on Feb 14, 2019, and provided a score, details, and suggestions below. Analysis was completed with status completed using:
Detected platforms: Flutter, web, other
No platform restriction found in primary library
package:crypt/crypt.dart
.
Package | Constraint | Resolved | Available |
---|---|---|---|
Direct dependencies | |||
Dart SDK | >=1.13.0 <3.0.0 | ||
crypto | >=0.9.0 <3.0.0 | 2.0.6 | |
Transitive dependencies | |||
charcode | 1.1.2 | ||
collection | 1.14.11 | ||
convert | 2.1.1 | ||
typed_data | 1.1.6 | ||
Dev dependencies | |||
test | >=0.12.10 <1.4.0 |