Mass Cryptography (mcrypt) CLI tool for high-speed bulk password hashing.
Project description
mcrypt (Mass Crypto) 🚀
mcrypt (Mass Cryptography) is an ultra-fast, production-ready password hashing library and CLI tool built in Rust. Inspired by bcrypt, mcrypt is architected from the ground up to handle mass cryptography operations—such as handling millions of password hashes concurrently during database migrations or high-traffic authentication workloads—without choking the server.
🔥 Key Features
- Blazing Fast Key Stretching: Implements a hardware-accelerated SHA-256 stretching engine running over 2^rounds iterations.
- OS-Level CSPRNG Salting: Uses the operating system's secure entropy (
OsRng) to generate cryptographically secure unique salts. - Timing-Attack Protection: Core verification utilizes a Constant-Time Byte Comparison algorithm to safely mitigate side-channel timing attacks.
- Strict Hidden Pepper: Supports compiled internal secrets and custom application peppers to protect against database leaks.
- Universal FFI Bindings: Written in Rust, exportable via C-FFI to Python, JavaScript (Node.js), C/C++, and Java with zero performance overhead.
- Production CLI Integration: Ships as a standalone native binary utility tool for sysadmins and DevOps engineers.
📊 Standard Format Layout
mcrypt outputs hashes in an explicit structured string layout:
$mcrypt$v3$r12$sl16$AGIDzaexHggeY8us$33a48da36f94c4c960e03...
│ │ │ │ │ │
│ │ │ │ └─► Secure Salt └─► Final Hex Hash (SHA-256)
│ │ │ └─► Salt Length (16 bytes)
│ │ └─► Work Factor / Rounds (2^12 = 4096 iterations)
│ └─► Core Layout Version
└─► mcrypt Signature Identifier
🚀 Installation & Setup
🦀 Rust & CLI Installation
cargo install --path .
🐍 Python Installation
pip install mcrypt-mass-crypto
🟢 Node.js Installation
npm install mcrypt-mass-crypto
☕ Java Installation (Maven)
Add the dependency to your pom.xml:
<dependency>
<groupId>io.github.veereshhanni</groupId>
<artifactId>mcrypt-mass-crypto-java</artifactId>
<version>1.2.0</version>
</dependency>
Or build from source:
cargo build --release
cd bindings/java
mvn package
At runtime, make sure the native library is on java.library.path or pass an explicit JNA library name/path:
java -Dmcrypt.library=../../target/release/mcrypt_native -jar your-app.jar
🔧 C/C++ Installation
Include the header and link against the native library:
#include "mcrypt.h"
// Link with: -lmcrypt_native
🛠️ Usage Quickstart
1. Command Line Interface (CLI)
Always wrap your salt strings in single quotes ('...') inside PowerShell/Terminals to prevent environment variable interpolation of the $ tokens.
# Step A: Generate a secure salt prefix (12 rounds)
$ mcrypt gensalt 12
$mcrypt$v3$r12$sl16$AGIDzaexHggeY8us
# Step B: Compute the database hash using the generated salt
$ mcrypt hash 'MyPass' '$mcrypt$v3$r12$sl16$AGIDzaexHggeY8us'
$mcrypt$v3$r12$sl16$AGIDzaexHggeY8us$33a48da36f94c4c960e03f5b051a3aa2579d2ba4489d59bfa37787b527d2e685
# Step C: Verify credentials directly from the terminal
$ mcrypt verify 'MyPass' '$mcrypt$v3$r12$sl16$AGIDzaexHggeY8us$33a48da36f94c4c960e03...'
true
2. Python
import mcrypt
# Generate salt
salt = mcrypt.gensalt(rounds=12)
# Hash password for database storage
db_hash = mcrypt.hash_with_salt("KoppalGadag@2026", salt_prefix=salt)
# Verify user login
is_valid = mcrypt.verify("KoppalGadag@2026", db_hash)
print(f"Authentication success: {is_valid}") # True
# With custom application pepper
db_hash = mcrypt.hash_with_salt("MyPassword", salt_prefix=salt, custom_pepper="AppSecret!")
is_valid = mcrypt.verify("MyPassword", db_hash, custom_pepper="AppSecret!")
3. Node.js
const mcrypt = require('mcrypt-mass-crypto');
// Generate salt
const salt = mcrypt.gensalt(12, 16);
// Hash password for database storage
const dbHash = mcrypt.hashWithSalt("KoppalGadag@2026", salt);
// Verify user login
const isValid = mcrypt.verify("KoppalGadag@2026", dbHash);
console.log(`Authentication success: ${isValid}`); // true
4. Java
import io.github.veereshhanni.mcrypt.Mcrypt;
// Generate salt
String salt = Mcrypt.gensalt(12);
// Hash password for database storage
String hash = Mcrypt.hashWithSalt("KoppalGadag@2026", salt);
// Verify user login
boolean valid = Mcrypt.verify("KoppalGadag@2026", hash);
System.out.println("Authentication success: " + valid); // true
5. C/C++
#include "mcrypt.h"
// Generate salt
const char* salt = mcrypt_gensalt(12, 16);
// Hash password
const char* hash = mcrypt_hash_with_salt("KoppalGadag@2026", salt);
// Verify
bool valid = mcrypt_verify("KoppalGadag@2026", hash);
// IMPORTANT: Free strings returned by mcrypt to avoid memory leaks
mcrypt_free_string((char*)hash);
mcrypt_free_string((char*)salt);
🧪 Testing
mcrypt ships with comprehensive test suites for all supported languages:
# Python (28 tests)
maturin develop && python tests/test_python.py
# CLI (24 tests)
cargo build --release && powershell -File tests/test_cli.ps1
# Node.js (25 tests)
cd bindings/nodejs && npm install && cd ../.. && node tests/test_nodejs.js
# Java (27 tests)
cd bindings/java && mvn test
# Production import tests (simulates real-world pip/npm install usage)
python tests/test_production_python.py
node tests/test_production_nodejs.js
🛡️ Security Best Practices Enforced
- Work Factor Tuning:
mcryptstrictly enforces rounds between4and31. We recommend settingrounds=12for standard applications and scaling up based on server benchmarking metrics. - Memory Hardening: C-FFI layers include an explicit
mcrypt_free_stringcontroller to force memory de-allocation inside native execution boundaries, avoiding potential memory leaks across managed runtime ecosystems like Node.js and Java. - Constant-Time Comparison: All
verify()functions use XOR-based constant-time byte comparison to prevent timing side-channel attacks. - Application Pepper Support: Supports custom peppers per-application, providing an additional layer of protection against database-only leaks.
📦 CI/CD & Publishing
mcrypt uses GitHub Actions for automated publishing on tag push (v*):
| Package | Registry | Install Command |
|---|---|---|
| Python | PyPI | pip install mcrypt-mass-crypto |
| Node.js | npm | npm install mcrypt-mass-crypto |
| Java | Maven / GitHub Packages | See Maven dependency above |
| Rust CLI | Source | cargo install --path . |
📄 License
Distributed under the MIT License. Feel free to use, distribute, and optimize.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distributions
Built Distributions
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file mcrypt_mass_crypto-1.2.1rc1-cp312-cp312-win_amd64.whl.
File metadata
- Download URL: mcrypt_mass_crypto-1.2.1rc1-cp312-cp312-win_amd64.whl
- Upload date:
- Size: 121.8 kB
- Tags: CPython 3.12, Windows x86-64
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.10
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
42155582a2546a2ff30ad8d3ab891b52e54f15299451111e3f2e05a6203574d5
|
|
| MD5 |
f93baffda23dcaa76006fe45f92d9481
|
|
| BLAKE2b-256 |
275b3358b0c5bef0c6f5a0d1dea1bd600de35913d60fe21810246c3986d9bf89
|
File details
Details for the file mcrypt_mass_crypto-1.2.1rc1-cp312-cp312-manylinux_2_34_x86_64.whl.
File metadata
- Download URL: mcrypt_mass_crypto-1.2.1rc1-cp312-cp312-manylinux_2_34_x86_64.whl
- Upload date:
- Size: 257.1 kB
- Tags: CPython 3.12, manylinux: glibc 2.34+ x86-64
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
7552c43ef219f044d3a396b93cb599fbf0f1427f7f69620ed42231454781470d
|
|
| MD5 |
e253b7fde601e07de31ad20b62101625
|
|
| BLAKE2b-256 |
1fe68d5bbad9646b6d9ca5fd35b44f121ed70b068cf107e3c3d5d89844641f5d
|
File details
Details for the file mcrypt_mass_crypto-1.2.1rc1-cp312-cp312-macosx_10_12_x86_64.whl.
File metadata
- Download URL: mcrypt_mass_crypto-1.2.1rc1-cp312-cp312-macosx_10_12_x86_64.whl
- Upload date:
- Size: 227.0 kB
- Tags: CPython 3.12, macOS 10.12+ x86-64
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.10
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
e620bfb33bba5b3a8c805e8bd0fc6004480ac01a9bd076d783508f4d13c867f8
|
|
| MD5 |
689b259485e2e1aa72e75c808e202f7c
|
|
| BLAKE2b-256 |
c972f39fbf776571754ad60c18a4e9f26e4cb6751060bc2b43d9c112871a9180
|