How to Hash Passwords in Rust (bcrypt, argon2)

Use the argon2 crate to hash passwords securely with Argon2id, the current industry standard. Add argon2 = "0.5" to your Cargo.toml and run the following code to hash and verify a password:

use argon2::{Argon2, PasswordHash, PasswordHasher, PasswordVerifier};
use argon2::password_hash::SaltString;
use argon2::password_hash::rand_core::OsRng;

fn main() {
    let password = b"super_secret_password";
    let salt = SaltString::generate(&mut OsRng);
    let argon2 = Argon2::default();
    let hash = argon2.hash_password(password, &salt).unwrap().to_string();
    println!("Hash: {}", hash);
    let parsed_hash = PasswordHash::new(&hash).unwrap();
    argon2.verify_password(password, &parsed_hash).unwrap();
}

For bcrypt, add bcrypt = "0.16" to Cargo.toml and use bcrypt::hashpw and bcrypt::verify similarly.

Password hashing turns a plain text password into a scrambled string that cannot be reversed. This protects user accounts because even if hackers steal your database, they cannot read the original passwords. Think of it like a one-way lock: you can put a key in to open it, but you can never take the key out again.