32 releases (5 breaking)

0.6.1 Sep 5, 2018
0.5.2 Aug 22, 2018
0.4.2 Jul 26, 2018
0.1.42 Mar 20, 2018

#63 in Cryptography

Download history 168/week @ 2018-06-13 48/week @ 2018-06-20 232/week @ 2018-06-27 97/week @ 2018-07-04 35/week @ 2018-07-11 70/week @ 2018-07-18 3/week @ 2018-07-25 96/week @ 2018-08-01 86/week @ 2018-08-08 89/week @ 2018-08-15 91/week @ 2018-08-22 23/week @ 2018-08-29 44/week @ 2018-09-05

360 downloads per month
Used in 1 crate

MIT license




This library is not suitable for production code. There are no guarantees for the security of these implementations. Use at your own risk.


This library aims to provide easy and usable crypto. 'Usable' meaning exposing high-level API's that are easy to use and hard to misuse.

In case you missed the warning above: don't use orion for production code or instances where you need absolute confidence in security. While security is a top priority goal for this library, the author is no professional. Look in the Alternatives section if this means orion is not for you.

Currently contains:

  • HMAC-SHA512
  • cSHAKE256.
  • ChaCha20.
  • Poly1305.
  • AEAD ChaCha20Poly1305.

Note on cSHAKE: The cSHAKE implementation currently relies on the tiny-keccak crate. Currently this crate will produce incorrect results on big-endian based systems. See issue here.

Usage example

extern crate orion;
use orion::default;

let password = "Password to be hashed".as_bytes();

let password_hash = default::pbkdf2(password).unwrap();

assert!(default::pbkdf2_verify(&password_hash, password).unwrap());

Enabling no_std

To use orion in a no_std context, you need to specify the dependency as such:

orion = { version = "*", default-features = false }

Note that this means you will not have access to the default API. This is because the default API depends on the OsRng, which in turn depends on std.


Can be viewed here or built with:

cargo doc --no-deps


The wiki has details on how orion is tested. To run all tests:

cargo test

Fuzzing is done using libFuzzer with cargo-fuzz. Fuzzing targets can be run with:

cargo +nightly fuzz run -O fuzz_target


The library can be benchmarked as below. All benchmarking tests are located in benches/.

cargo +nightly bench


Can be found here.




orion is licensed under the MIT license. See the LICENSE file for more information.


~11K SLoC