Today we are announcing the alpha release of libpasta!
libpasta is intended to be a cross-language, cross-platform, easy-to-use
password hashing library for developers. In particular, libpasta offers a
simple API, which uses sane defaults, offering a relatively high security
level with zero configuration or parameter choice for the developer.
Storing/verifying a password is as simple as libpasta.hash_password(pw) and libpasta.verify_password(hash, pw).
Furthermore, libpasta is built to handle migrating from old hashes, finally allowing developers to move away from old, outdated algorithms and parameters. Once libpasta is in place, it will happily update to any new algorithm or parameter choices.
Our vision for libpasta is to be available across many platforms, offering accessible password storage functionality to all applications. The core of libpasta is written in Rust, and we have already written a number of bindings for different languages.
To find out more, dive into some of the menu items on the left, which cover what libpasta is, password hashing theory, and getting started with libpasta.
libpasta is still in its early stages. The main functionality is written in Rust, with support for other languages following close behind. However, the core code needs to be audited/optimised.
We are currently looking for testing and feedback on the library.
So far, libpasta is being developed by Sam Scott as part of an NSF-funded project at Cornell Tech, in collaboration with Tom Ristenpart and Ari Juels. We are actively looking for new contributors, with the possibility of offering part- and full-time positions to continue the work.