Skip to main content

Mass Cryptography (mcrypt) CLI tool for high-speed bulk password hashing.

Project description

mcrypt (Mass Crypto) 🚀

mcrypt (Mass Cryptography) is an ultra-fast, production-ready password hashing library and CLI tool built in Rust. Inspired by bcrypt, mcrypt is architected from the ground up to handle mass cryptography operations—such as handling millions of password hashes concurrently during database migrations or high-traffic authentication workloads—without choking the server.


🔥 Key Features

  • Blazing Fast Key Stretching: Implements a hardware-accelerated SHA-256 stretching engine running over 2^rounds iterations.
  • OS-Level CSPRNG Salting: Uses the operating system's secure entropy (OsRng) to generate cryptographically secure unique salts.
  • Timing-Attack Protection: Core verification utilizes a Constant-Time Byte Comparison algorithm to safely mitigate side-channel timing attacks.
  • Strict Hidden Pepper: Supports compiled internal secrets and custom application peppers to protect against database leaks.
  • Universal FFI Bindings: Written in Rust, exportable via C-FFI to Python, JavaScript (Node.js), C/C++, and Java with zero performance overhead.
  • Production CLI Integration: Ships as a standalone native binary utility tool for sysadmins and DevOps engineers.

📊 Standard Format Layout

mcrypt outputs hashes in an explicit structured string layout:

$mcrypt$v3$r12$sl16$AGIDzaexHggeY8us$33a48da36f94c4c960e03...
  │      │  │   │    │                │
  │      │  │   │    └─► Secure Salt  └─► Final Hex Hash (SHA-256)
  │      │  │   └─► Salt Length (16 bytes)
  │      │  └─► Work Factor / Rounds (2^12 = 4096 iterations)
  │      └─► Core Layout Version
  └─► mcrypt Signature Identifier

🚀 Installation & Setup

🦀 Rust & CLI Installation

cargo install --path .

🐍 Python Installation

pip install mcrypt-mass-crypto

🟢 Node.js Installation

npm install mcrypt-mass-crypto

☕ Java Installation (Maven)

Add the dependency to your pom.xml:

<dependency>
    <groupId>io.github.veereshhanni</groupId>
    <artifactId>mcrypt-mass-crypto-java</artifactId>
    <version>1.2.0</version>
</dependency>

Or build from source:

cargo build --release
cd bindings/java
mvn package

At runtime, make sure the native library is on java.library.path or pass an explicit JNA library name/path:

java -Dmcrypt.library=../../target/release/mcrypt_native -jar your-app.jar

🔧 C/C++ Installation

Include the header and link against the native library:

#include "mcrypt.h"
// Link with: -lmcrypt_native

🛠️ Usage Quickstart

1. Command Line Interface (CLI)

Always wrap your salt strings in single quotes ('...') inside PowerShell/Terminals to prevent environment variable interpolation of the $ tokens.

# Step A: Generate a secure salt prefix (12 rounds)
$ mcrypt gensalt 12
$mcrypt$v3$r12$sl16$AGIDzaexHggeY8us

# Step B: Compute the database hash using the generated salt
$ mcrypt hash 'MyPass' '$mcrypt$v3$r12$sl16$AGIDzaexHggeY8us'
$mcrypt$v3$r12$sl16$AGIDzaexHggeY8us$33a48da36f94c4c960e03f5b051a3aa2579d2ba4489d59bfa37787b527d2e685

# Step C: Verify credentials directly from the terminal
$ mcrypt verify 'MyPass' '$mcrypt$v3$r12$sl16$AGIDzaexHggeY8us$33a48da36f94c4c960e03...'
true

2. Python

import mcrypt

# Generate salt
salt = mcrypt.gensalt(rounds=12)

# Hash password for database storage
db_hash = mcrypt.hash_with_salt("KoppalGadag@2026", salt_prefix=salt)

# Verify user login
is_valid = mcrypt.verify("KoppalGadag@2026", db_hash)
print(f"Authentication success: {is_valid}")  # True

# With custom application pepper
db_hash = mcrypt.hash_with_salt("MyPassword", salt_prefix=salt, custom_pepper="AppSecret!")
is_valid = mcrypt.verify("MyPassword", db_hash, custom_pepper="AppSecret!")

3. Node.js

const mcrypt = require('mcrypt-mass-crypto');

// Generate salt
const salt = mcrypt.gensalt(12, 16);

// Hash password for database storage
const dbHash = mcrypt.hashWithSalt("KoppalGadag@2026", salt);

// Verify user login
const isValid = mcrypt.verify("KoppalGadag@2026", dbHash);
console.log(`Authentication success: ${isValid}`);  // true

4. Java

import io.github.veereshhanni.mcrypt.Mcrypt;

// Generate salt
String salt = Mcrypt.gensalt(12);

// Hash password for database storage
String hash = Mcrypt.hashWithSalt("KoppalGadag@2026", salt);

// Verify user login
boolean valid = Mcrypt.verify("KoppalGadag@2026", hash);
System.out.println("Authentication success: " + valid);  // true

5. C/C++

#include "mcrypt.h"

// Generate salt
const char* salt = mcrypt_gensalt(12, 16);

// Hash password
const char* hash = mcrypt_hash_with_salt("KoppalGadag@2026", salt);

// Verify
bool valid = mcrypt_verify("KoppalGadag@2026", hash);

// IMPORTANT: Free strings returned by mcrypt to avoid memory leaks
mcrypt_free_string((char*)hash);
mcrypt_free_string((char*)salt);

🧪 Testing

mcrypt ships with comprehensive test suites for all supported languages:

# Python (28 tests)
maturin develop && python tests/test_python.py

# CLI (24 tests)
cargo build --release && powershell -File tests/test_cli.ps1

# Node.js (25 tests)
cd bindings/nodejs && npm install && cd ../.. && node tests/test_nodejs.js

# Java (27 tests)
cd bindings/java && mvn test

# Production import tests (simulates real-world pip/npm install usage)
python tests/test_production_python.py
node tests/test_production_nodejs.js

🛡️ Security Best Practices Enforced

  1. Work Factor Tuning: mcrypt strictly enforces rounds between 4 and 31. We recommend setting rounds=12 for standard applications and scaling up based on server benchmarking metrics.
  2. Memory Hardening: C-FFI layers include an explicit mcrypt_free_string controller to force memory de-allocation inside native execution boundaries, avoiding potential memory leaks across managed runtime ecosystems like Node.js and Java.
  3. Constant-Time Comparison: All verify() functions use XOR-based constant-time byte comparison to prevent timing side-channel attacks.
  4. Application Pepper Support: Supports custom peppers per-application, providing an additional layer of protection against database-only leaks.

📦 CI/CD & Publishing

mcrypt uses GitHub Actions for automated publishing on tag push (v*):

Package Registry Install Command
Python PyPI pip install mcrypt-mass-crypto
Node.js npm npm install mcrypt-mass-crypto
Java Maven / GitHub Packages See Maven dependency above
Rust CLI Source cargo install --path .

📄 License

Distributed under the MIT License. Feel free to use, distribute, and optimize.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release.See tutorial on generating distribution archives.

Built Distributions

If you're not sure about the file name format, learn more about wheel file names.

mcrypt_mass_crypto-1.2.1-cp312-cp312-win_amd64.whl (121.8 kB view details)

Uploaded CPython 3.12Windows x86-64

mcrypt_mass_crypto-1.2.1-cp312-cp312-manylinux_2_34_x86_64.whl (257.1 kB view details)

Uploaded CPython 3.12manylinux: glibc 2.34+ x86-64

mcrypt_mass_crypto-1.2.1-cp312-cp312-macosx_10_12_x86_64.whl (226.9 kB view details)

Uploaded CPython 3.12macOS 10.12+ x86-64

File details

Details for the file mcrypt_mass_crypto-1.2.1-cp312-cp312-win_amd64.whl.

File metadata

File hashes

Hashes for mcrypt_mass_crypto-1.2.1-cp312-cp312-win_amd64.whl
Algorithm Hash digest
SHA256 0e1570dfa9056172121285e9a1acc4eecc9c60e2445fb715dda89822913fc61a
MD5 63f973511d6c0de624ef506a85bb42cf
BLAKE2b-256 bc0f440a9b77e5e8509a8cc3dba2ff49c7ac1f81a9c6c8f9c455c18fdbcc3aab

See more details on using hashes here.

File details

Details for the file mcrypt_mass_crypto-1.2.1-cp312-cp312-manylinux_2_34_x86_64.whl.

File metadata

File hashes

Hashes for mcrypt_mass_crypto-1.2.1-cp312-cp312-manylinux_2_34_x86_64.whl
Algorithm Hash digest
SHA256 6aa03abd0161ec03bcb0c1b6348d21bd149c480e885fde44ea9c7cdb0dd4637a
MD5 2bb4bf4eb3ac5285d7a4c03495a30fa2
BLAKE2b-256 2cf490d35501bdc92bdfeecfb9dbe48cfeb425f40810083d60ea4cb8c845bfb3

See more details on using hashes here.

File details

Details for the file mcrypt_mass_crypto-1.2.1-cp312-cp312-macosx_10_12_x86_64.whl.

File metadata

File hashes

Hashes for mcrypt_mass_crypto-1.2.1-cp312-cp312-macosx_10_12_x86_64.whl
Algorithm Hash digest
SHA256 a39c18fd82480cdb4754f72ea195f437f96213f57db3e979028a53b31d9cd700
MD5 9f8b57c6f03696a31ba8826939ac83a4
BLAKE2b-256 a4857152015056329004c82d58707ef6e7f086f1fa13c36fce3b86e18b0369da

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page