• frezik@midwest.social
    link
    fedilink
    arrow-up
    2
    ·
    edit-2
    2 days ago

    None of this has much to do with type safety at all. A dynamically typed language might have a Salt object that has a constructor that takes a base64 string. If its common uuid library doesn’t output base64, then you can’t use it directly.

    Nor does a specific uuid library matter much. It just needs to be able to output base64 strings, which is an uncommon uuid encoding, but it’s out there.

    Nor does type safety prevent providing a sensible default implementation.

    The crate uses phc strings, which store the salt together with the hashed password, so no, it can handle it all on its own.

    There was just no thought into how components work together.

    • BorgDrone@lemmy.one
      link
      fedilink
      arrow-up
      3
      ·
      1 day ago

      Why even bother with things like strings for a salt? I would expect it to just take a byte array. Just create some random bytes and provide that.

      • frezik@midwest.social
        link
        fedilink
        arrow-up
        2
        ·
        edit-2
        1 day ago

        Yeah, that’s my thinking, too. But the library only takes b64.

        Edit: also, if anything, this system reduces the benefit of strong typing. You can feed whatever string you want into it and the compiler will say it’s OK, even if it would fail at run time. If it were a Vec<u8>, then the compiler can check things. Especially if you do something to let the compiler enforce the length (if possible).

        Or hand over a UUID object directly. Yeah, it ties it to a specific library, but it’s either that or you’re not taking full advantage of strong typing.

        Or just have a sensible default implementation.