kd_bcrypt
A pure Dart bcrypt implementation for secure password hashing with 100% test coverage.
Features
- Pure Dart implementation (no native dependencies)
- Configurable cost factor (4-31)
- Timing-safe password verification
- Secure random salt generation
- Comprehensive password validation
- Standard bcrypt hash format ($2a$[cost]$[salt][hash])
Installation
dependencies:
  kd_bcrypt: ^1.0.0
Usage
Basic Usage
import 'package:kd_bcrypt/kd_bcrypt.dart';
// Create a bcrypt instance with default cost factor (12)
final bcrypt = Bcrypt();
// Hash a password
final hash = bcrypt.hash('mySecurePassword123!');
// Verify a password
final isValid = bcrypt.verify('mySecurePassword123!', hash);
print('Password valid: $isValid'); // true
Custom Cost Factor
// Higher cost = more secure but slower
final secureBcrypt = Bcrypt(rounds: 14);
// Lower cost = faster (good for testing)
final fastBcrypt = Bcrypt(rounds: 4);
Password Validation
final bcrypt = Bcrypt();
final validation = bcrypt.validatePassword('password123');
if (!validation.isValid) {
  for (final error in validation.errors) {
    print('- $error');
  }
}
Security Considerations
Cost Factor
- 4-10: Fast (good for testing)
- 12: Default (good balance of security and performance)
- 14-31: Very secure (slower, good for production)
The verify() method uses timing-safe comparison to prevent timing attacks.
Each hash uses a unique, cryptographically secure random salt to prevent rainbow table attacks.
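The hash format and cost-factor guidance above, as an added example (not part of kd_bcrypt; `BcryptInfo`, `parseBcrypt`, `needsRehash` and the `minCost` policy value are assumptions): it parses a stored `$2a$[cost]$[salt][hash]` string and flags records whose cost is below policy, so they can be re-hashed with `hash()` after a successful `verify()`. It also accepts the `2b` and `2y` prefixes that other bcrypt implementations emit.

```dart
// Added example: parse a stored bcrypt string and apply a minimum-cost policy.
// BcryptInfo, parseBcrypt, needsRehash and minCost are hypothetical names.
class BcryptInfo {
  final String version; // e.g. "2a"
  final int cost; // log2 of the work: each +1 doubles hashing time
  final String salt; // 22 chars of bcrypt base64
  final String digest; // 31 chars of bcrypt base64
  const BcryptInfo(this.version, this.cost, this.salt, this.digest);
}

// $2a$ + two-digit cost + $ + 22-char salt + 31-char digest = 60 chars.
final _bcryptRe = RegExp(
    r'^\$(2[aby])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$');

/// Returns null for anything that is not a well-formed bcrypt string.
BcryptInfo? parseBcrypt(String stored) {
  final m = _bcryptRe.firstMatch(stored);
  if (m == null) return null;
  final cost = int.parse(m.group(2)!);
  if (cost < 4 || cost > 31) return null; // valid range per the feature list
  return BcryptInfo(m.group(1)!, cost, m.group(3)!, m.group(4)!);
}

/// True when the record should be re-hashed after a successful login.
/// Malformed records also return true so they get replaced or escalated.
bool needsRehash(String stored, {int minCost = 12}) {
  final info = parseBcrypt(stored);
  return info == null || info.cost < minCost;
}

void main() {
  // Constructed sample records: salt and digest are filler, not real hashes.
  final salt = 'A' * 22, digest = 'B' * 31;
  final records = <String, String>{
    'alice': '\$2a\$12\$$salt$digest', // meets the default cost
    'bob': '\$2a\$04\$$salt$digest', // test-grade cost left in production
    'carol': '\$2a\$12\$$salt', // truncated column value
  };
  for (final e in records.entries) {
    final info = parseBcrypt(e.value);
    print('${e.key}: cost=${info?.cost ?? "invalid"} '
        'rehash=${needsRehash(e.value)}');
  }
}
```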