feat: add crypto bcrypt issue test

README.md

@@ -5,6 +5,7 @@ Simple Rust Tests
 Project or files:
 ```
 .
+├── README_2.md
 ├── __alloc
 │   └── zeroizing-alloc-demo
 ├── __args
@@ -17,8 +18,8 @@ Project or files:
 │   └── zstd-demo
 ├── __concurrent
 │   ├── arc-swap
-│   ├── async_study
 │   ├── async-fn-resumed-after-completion
+│   ├── async_study
 │   ├── crossbeam_n_parking_lot
 │   ├── glommio
 │   ├── green-threads
@@ -44,6 +45,7 @@ Project or files:
 │   ├── jose-test
 │   ├── jsonwebtoken
 │   ├── liboqs-rust-demo
+│   ├── okta-bcrypt-issue
 │   ├── orion-demo
 │   ├── passkey-rs-demo
 │   ├── password-hash
@@ -77,7 +79,7 @@ Project or files:
 │   └── sqlx
 ├── __diff
 │   ├── diffy
-│   ├── prettydiff
+│   └── prettydiff
 ├── __enclave
 │   └── virt_enclave
 ├── __err
@@ -89,9 +91,9 @@ Project or files:
 ├── __ffi
 │   ├── abi_stable_crates
 │   ├── c
+│   ├── c2
 │   ├── c_export
 │   ├── c_layout
-│   ├── c2
 │   ├── calltoc
 │   ├── cpp
 │   ├── dotalib
@@ -102,7 +104,7 @@ Project or files:
 ├── __fs
 │   ├── crypt4ghfs-rust
 │   ├── fuse
-│   ├── fuser
+│   └── fuser
 ├── __gui
 │   ├── druid
 │   ├── gtk
@@ -176,8 +178,8 @@ Project or files:
 │   ├── ngrok-demo
 │   ├── pcap
 │   ├── quinn
-│   ├── rust_tcp
 │   ├── rust-rawsock-demo
+│   ├── rust_tcp
 │   ├── s2n_quic
 │   ├── socket2
 │   ├── tcp
@@ -222,10 +224,10 @@ Project or files:
 │   ├── sshrs
 │   └── xshell
 ├── __shuttle
-│   ├── hatter-test
+│   └── hatter-test
 ├── __std
-│   ├── async_await
 │   ├── async-fn
+│   ├── async_await
 │   ├── into
 │   ├── iter
 │   ├── misc
@@ -268,8 +270,8 @@ Project or files:
 │   ├── wasmtime-serde-demo
 │   └── wit-bindgen-sample
 ├── __web
-│   ├── actix_rustls
 │   ├── actix-web
+│   ├── actix_rustls
 │   ├── alibabacloundfn
 │   ├── hyper_rustls
 │   ├── hyperrs
@@ -283,9 +285,8 @@ Project or files:
 │   ├── tide
 │   └── warp
 ├── build_readme.rs -> scripts/build_readme_rs/src/main.rs
-├── README_2.md
 ├── scripts
-│   ├── build_readme_rs
+│   └── build_readme_rs
 └── single_file_tests
     ├── 99.rs
     ├── chain.rs
@@ -309,6 +310,6 @@ Project or files:
     ├── vec.rs
     └── while.rs
 
-281 directories, 38 files
+282 directories, 38 files
 ```
 

__crypto/okta-bcrypt-issue/Cargo.lock

@@ -0,0 +1,257 @@
+# This file is automatically @generated by Cargo.
+# It is not intended for manual editing.
+version = 4
+
+[[package]]
+name = "base64"
+version = "0.22.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6"
+
+[[package]]
+name = "bcrypt"
+version = "0.17.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "92758ad6077e4c76a6cadbce5005f666df70d4f13b19976b1a8062eef880040f"
+dependencies = [
+ "base64",
+ "blowfish",
+ "getrandom",
+ "subtle",
+ "zeroize",
+]
+
+[[package]]
+name = "bitflags"
+version = "2.9.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1b8e56985ec62d17e9c1001dc89c88ecd7dc08e47eba5ec7c29c7b5eeecde967"
+
+[[package]]
+name = "blowfish"
+version = "0.9.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e412e2cd0f2b2d93e02543ceae7917b3c70331573df19ee046bcbc35e45e87d7"
+dependencies = [
+ "byteorder",
+ "cipher",
+]
+
+[[package]]
+name = "byteorder"
+version = "1.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b"
+
+[[package]]
+name = "cfg-if"
+version = "1.0.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9555578bc9e57714c812a1f84e4fc5b4d21fcb063490c624de019f7464c91268"
+
+[[package]]
+name = "cipher"
+version = "0.4.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "773f3b9af64447d2ce9850330c473515014aa235e6a783b02db81ff39e4a3dad"
+dependencies = [
+ "crypto-common",
+ "inout",
+]
+
+[[package]]
+name = "crypto-common"
+version = "0.1.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3"
+dependencies = [
+ "generic-array",
+ "typenum",
+]
+
+[[package]]
+name = "generic-array"
+version = "0.14.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a"
+dependencies = [
+ "typenum",
+ "version_check",
+]
+
+[[package]]
+name = "getrandom"
+version = "0.3.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "26145e563e54f2cadc477553f1ec5ee650b00862f0a58bcd12cbdc5f0ea2d2f4"
+dependencies = [
+ "cfg-if",
+ "libc",
+ "r-efi",
+ "wasi",
+]
+
+[[package]]
+name = "inout"
+version = "0.1.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "879f10e63c20629ecabbb64a8010319738c66a5cd0c29b02d63d272b03751d01"
+dependencies = [
+ "generic-array",
+]
+
+[[package]]
+name = "libc"
+version = "0.2.174"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1171693293099992e19cddea4e8b849964e9846f4acee11b3948bcc337be8776"
+
+[[package]]
+name = "okta-bcrypt-issue"
+version = "0.1.0"
+dependencies = [
+ "base64",
+ "bcrypt",
+ "rand",
+]
+
+[[package]]
+name = "ppv-lite86"
+version = "0.2.21"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "85eae3c4ed2f50dcfe72643da4befc30deadb458a9b590d720cde2f2b1e97da9"
+dependencies = [
+ "zerocopy",
+]
+
+[[package]]
+name = "proc-macro2"
+version = "1.0.95"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "02b3e5e68a3a1a02aad3ec490a98007cbc13c37cbe84a3cd7b8e406d76e7f778"
+dependencies = [
+ "unicode-ident",
+]
+
+[[package]]
+name = "quote"
+version = "1.0.40"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1885c039570dc00dcb4ff087a89e185fd56bae234ddc7f056a945bf36467248d"
+dependencies = [
+ "proc-macro2",
+]
+
+[[package]]
+name = "r-efi"
+version = "5.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "69cdb34c158ceb288df11e18b4bd39de994f6657d83847bdffdbd7f346754b0f"
+
+[[package]]
+name = "rand"
+version = "0.9.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9fbfd9d094a40bf3ae768db9361049ace4c0e04a4fd6b359518bd7b73a73dd97"
+dependencies = [
+ "rand_chacha",
+ "rand_core",
+]
+
+[[package]]
+name = "rand_chacha"
+version = "0.9.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d3022b5f1df60f26e1ffddd6c66e8aa15de382ae63b3a0c1bfc0e4d3e3f325cb"
+dependencies = [
+ "ppv-lite86",
+ "rand_core",
+]
+
+[[package]]
+name = "rand_core"
+version = "0.9.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "99d9a13982dcf210057a8a78572b2217b667c3beacbf3a0d8b454f6f82837d38"
+dependencies = [
+ "getrandom",
+]
+
+[[package]]
+name = "subtle"
+version = "2.6.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292"
+
+[[package]]
+name = "syn"
+version = "2.0.104"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "17b6f705963418cdb9927482fa304bc562ece2fdd4f616084c50b7023b435a40"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "unicode-ident",
+]
+
+[[package]]
+name = "typenum"
+version = "1.18.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1dccffe3ce07af9386bfd29e80c0ab1a8205a2fc34e4bcd40364df902cfa8f3f"
+
+[[package]]
+name = "unicode-ident"
+version = "1.0.18"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5a5f39404a5da50712a4c1eecf25e90dd62b613502b7e925fd4e4d19b5c96512"
+
+[[package]]
+name = "version_check"
+version = "0.9.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a"
+
+[[package]]
+name = "wasi"
+version = "0.14.2+wasi-0.2.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9683f9a5a998d873c0d21fcbe3c083009670149a8fab228644b8bd36b2c48cb3"
+dependencies = [
+ "wit-bindgen-rt",
+]
+
+[[package]]
+name = "wit-bindgen-rt"
+version = "0.39.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6f42320e61fe2cfd34354ecb597f86f413484a798ba44a8ca1165c58d42da6c1"
+dependencies = [
+ "bitflags",
+]
+
+[[package]]
+name = "zerocopy"
+version = "0.8.26"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1039dd0d3c310cf05de012d8a39ff557cb0d23087fd44cad61df08fc31907a2f"
+dependencies = [
+ "zerocopy-derive",
+]
+
+[[package]]
+name = "zerocopy-derive"
+version = "0.8.26"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9ecf5b4cc5364572d7f4c329661bcc82724222973f2cab6f050a4e5c22f75181"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+]
+
+[[package]]
+name = "zeroize"
+version = "1.8.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ced3678a2879b30306d323f4542626697a464a97c0a07c9aebf7ebca65cd4dde"

__crypto/okta-bcrypt-issue/Cargo.toml

@@ -0,0 +1,9 @@
+[package]
+name = "okta-bcrypt-issue"
+version = "0.1.0"
+edition = "2024"
+
+[dependencies]
+base64 = "0.22.1"
+bcrypt = "0.17.0"
+rand = "0.9.1"

__crypto/okta-bcrypt-issue/src/main.rs

@@ -0,0 +1,33 @@
+use rand::RngCore;
+use base64::{Engine as _, engine::general_purpose::URL_SAFE};
+use std::error::Error;
+
+fn random_string(length: usize) -> String {
+    let mut bytes = vec![0u8; length];
+    rand::rng().fill_bytes(&mut bytes);
+    URL_SAFE.encode(&bytes)[..length].to_string()
+}
+
+// https://n0rdy.foo/posts/20250121/okta-bcrypt-lessons-for-better-apis/
+fn main() -> Result<(), Box<dyn Error>> {
+    // 18 + 55 + 1 = 74, so above 72 characters' limit of BCrypt
+    let user_id = random_string(18);
+    let username = random_string(55);
+    let password = "super-duper-secure-password";
+
+    let combined_string = format!("{}:{}:{}", user_id, username, password);
+    let combined_hash = bcrypt::hash(combined_string.as_bytes(), bcrypt::DEFAULT_COST)?;
+
+    // let's try to break it
+    let wrong_password = "wrong-password";
+    let wrong_combined_string = format!("{}:{}:{}", user_id, username, wrong_password);
+
+    match bcrypt::verify(wrong_combined_string.as_bytes(), &combined_hash) {
+        Ok(true) => println!("Password is correct"),
+        Ok(false) => println!("Password is incorrect"),
+        Err(e) => println!("{}", e),
+    }
+
+    Ok(())
+}
+