RustCrypto · tarcieri · Jan 22, 2026 · Jan 22, 2026
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/aucpace/Cargo.toml b/aucpace/Cargo.toml
@@ -16,22 +16,22 @@ rust-version = "1.85"
 
 [dependencies]
 curve25519-dalek = { version = "5.0.0-pre.4", default-features = false, features = ["digest", "rand_core"] }
-password-hash = { version = "0.6.0-rc.7", default-features = false, features = ["phc", "rand_core"] }
-rand_core = { version = "0.10.0-rc-3", default-features = false }
+password-hash = { version = "0.6.0-rc.8", default-features = false, features = ["phc", "rand_core"] }
+rand_core = { version = "0.10.0-rc-5", default-features = false }
 subtle = { version = "2.4", default-features = false }
 
 # optional dependencies
 getrandom = { version = "0.4.0-rc.0", optional = true, features = ["sys_rng"] }
 serde = { version = "1.0.184", default-features = false, optional = true, features = ["derive"] }
 serde-byte-array = { version = "0.1", optional = true }
-scrypt = { version = "0.12.0-rc.8", default-features = false, optional = true, features = ["phc"] }
+scrypt = { version = "0.12.0-rc.9", default-features = false, optional = true, features = ["phc"] }
 sha2 = { version = "0.11.0-rc.3", default-features = false, optional = true }
 
 [dev-dependencies]
 curve25519-dalek = { version = "5.0.0-pre.4", features = ["digest", "rand_core"] }
-password-hash = { version = "0.6.0-rc.7", features = ["rand_core"] }
+password-hash = { version = "0.6.0-rc.8", features = ["rand_core"] }
 postcard = { version = "1", features = ["use-std"] }
-scrypt = { version = "0.12.0-rc.8", features = ["phc"] }
+scrypt = { version = "0.12.0-rc.9", features = ["phc"] }
 sha2 = "0.11.0-rc.3"
 
 [features]

diff --git a/aucpace/examples/key_agreement.rs b/aucpace/examples/key_agreement.rs
@@ -47,7 +47,7 @@ fn main() -> Result<()> {
     let mut database: SingleUserDatabase = Default::default();
 
     let params = Params::RECOMMENDED;
-    let registration = base_client.register_alloc(USERNAME, PASSWORD, params, Scrypt)?;
+    let registration = base_client.register_alloc(USERNAME, PASSWORD, params, Scrypt::default())?;
     if let ClientMessage::Registration {
         username,
         salt,
@@ -186,7 +186,7 @@ fn main() -> Result<()> {
 
                 Params::new(log_n, r, p).unwrap()
             };
-            client.generate_cpace_alloc(x_pub, &salt, params, Scrypt)?
+            client.generate_cpace_alloc(x_pub, &salt, params, Scrypt::default())?
         } else {
             panic!("Received invalid server message {:?}", server_message);
         };

diff --git a/aucpace/examples/key_agreement_no_std.rs b/aucpace/examples/key_agreement_no_std.rs
@@ -40,7 +40,8 @@ fn main() -> Result<()> {
 
     let start = Instant::now();
     let params = Params::RECOMMENDED;
-    let registration = base_client.register::<&[u8], 100>(USERNAME, PASSWORD, params, Scrypt)?;
+    let registration =
+        base_client.register::<&[u8], 100>(USERNAME, PASSWORD, params, Scrypt::default())?;
     if let ClientMessage::Registration {
         username,
         salt,
@@ -143,7 +144,7 @@ fn main() -> Result<()> {
 
             Params::new(log_n, r, p).unwrap()
         };
-        client.generate_cpace::<&SaltString, 100>(x_pub, &salt, params, Scrypt)?
+        client.generate_cpace::<&SaltString, 100>(x_pub, &salt, params, Scrypt::default())?
     } else {
         panic!("Received invalid server message {:?}", server_message);
     };

diff --git a/aucpace/examples/key_agreement_partial_aug.rs b/aucpace/examples/key_agreement_partial_aug.rs
@@ -50,7 +50,7 @@ fn main() -> Result<()> {
     let mut database: SingleUserDatabase = Default::default();
 
     let params = Params::RECOMMENDED;
-    let registration = base_client.register_alloc(USERNAME, PASSWORD, params, Scrypt)?;
+    let registration = base_client.register_alloc(USERNAME, PASSWORD, params, Scrypt::default())?;
     if let ClientMessage::Registration {
         username,
         salt,
@@ -193,7 +193,7 @@ fn main() -> Result<()> {
 
                 Params::new(log_n, r, p).unwrap()
             };
-            client.generate_cpace_alloc(x_pub, &salt, params, Scrypt)?
+            client.generate_cpace_alloc(x_pub, &salt, params, Scrypt::default())?
         } else {
             panic!("Received invalid server message {:?}", server_message);
         };

diff --git a/aucpace/examples/key_agreement_strong.rs b/aucpace/examples/key_agreement_strong.rs
@@ -48,7 +48,8 @@ fn main() -> Result<()> {
     let mut database: SingleUserDatabase = Default::default();
 
     let params = Params::RECOMMENDED;
-    let registration = base_client.register_alloc_strong(USERNAME, PASSWORD, params, Scrypt)?;
+    let registration =
+        base_client.register_alloc_strong(USERNAME, PASSWORD, params, Scrypt::default())?;
     if let ClientMessage::StrongRegistration {
         username,
         secret_exponent,
@@ -190,7 +191,7 @@ fn main() -> Result<()> {
 
                 Params::new(log_n, r, p).unwrap()
             };
-            client.generate_cpace_alloc(x_pub, blinded_salt, params, Scrypt)?
+            client.generate_cpace_alloc(x_pub, blinded_salt, params, Scrypt::default())?
         } else {
             panic!("Received invalid server message {:?}", server_message);
         };

diff --git a/aucpace/src/client.rs b/aucpace/src/client.rs
@@ -1069,15 +1069,16 @@ mod tests {
         // they are used here to make the test run faster
         let params: Params = Default::default();
 
+        let scrypt = Scrypt::default();
         let no_std_res = hash_password::<&str, &str, &SaltString, Scrypt, 100>(
             username,
             password,
             &salt.into(),
             params,
-            &Scrypt,
+            &scrypt,
         )
         .unwrap();
-        let alloc_res = hash_password_alloc(username, password, salt, params, &Scrypt).unwrap();
+        let alloc_res = hash_password_alloc(username, password, salt, params, &scrypt).unwrap();
 
         assert_eq!(alloc_res, no_std_res);
     }
@@ -1108,7 +1109,7 @@ mod tests {
             RistrettoPoint::identity(),
             &Salt::new(b"saltyboi").unwrap().into(),
             scrypt::Params::RECOMMENDED,
-            scrypt::Scrypt,
+            scrypt::Scrypt::default(),
         );
 
         if let Err(e) = res {
@@ -1134,7 +1135,7 @@ mod tests {
             RistrettoPoint::identity(),
             &Salt::new(b"saltyboi").unwrap().into(),
             scrypt::Params::RECOMMENDED,
-            scrypt::Scrypt,
+            scrypt::Scrypt::default(),
         );
 
         if let Err(e) = res {
@@ -1163,7 +1164,7 @@ mod tests {
             RistrettoPoint::identity(),
             RISTRETTO_BASEPOINT_POINT,
             scrypt::Params::RECOMMENDED,
-            scrypt::Scrypt,
+            scrypt::Scrypt::default(),
         );
 
         if let Err(e) = res {
@@ -1197,7 +1198,7 @@ mod tests {
             RistrettoPoint::identity(),
             RISTRETTO_BASEPOINT_POINT,
             scrypt::Params::RECOMMENDED,
-            scrypt::Scrypt,
+            scrypt::Scrypt::default(),
         );
 
         if let Err(e) = res {
@@ -1265,7 +1266,7 @@ mod tests {
             RISTRETTO_BASEPOINT_POINT,
             RistrettoPoint::identity(),
             scrypt::Params::RECOMMENDED,
-            scrypt::Scrypt,
+            scrypt::Scrypt::default(),
         );
 
         if let Err(e) = res {

diff --git a/aucpace/tests/test_key_agreement.rs b/aucpace/tests/test_key_agreement.rs
@@ -243,7 +243,7 @@ fn init() -> Result<(Client, Server, SingleUserDatabase)> {
 
     // register a user in the database
     let params = Params::RECOMMENDED;
-    let registration = base_client.register_alloc(USERNAME, PASSWORD, params, Scrypt)?;
+    let registration = base_client.register_alloc(USERNAME, PASSWORD, params, Scrypt::default())?;
     if let ClientMessage::Registration {
         username,
         salt,
@@ -297,7 +297,7 @@ fn test_core(
 
             Params::new(log_n, r, p).unwrap()
         };
-        client.generate_cpace_alloc(x_pub, &salt, params, Scrypt)?
+        client.generate_cpace_alloc(x_pub, &salt, params, Scrypt::default())?
     } else {
         panic!("Received invalid server message {:?}", server_message);
     };

diff --git a/aucpace/tests/test_key_agreement_partial_aug.rs b/aucpace/tests/test_key_agreement_partial_aug.rs
@@ -279,7 +279,7 @@ fn init() -> Result<(Client, Server, SingleUserDatabase)> {
 
     // register a user in the database
     let params = Params::RECOMMENDED;
-    let registration = base_client.register_alloc(USERNAME, PASSWORD, params, Scrypt)?;
+    let registration = base_client.register_alloc(USERNAME, PASSWORD, params, Scrypt::default())?;
     if let ClientMessage::Registration {
         username,
         salt,
@@ -335,7 +335,7 @@ fn test_core(
 
             Params::new(log_n, r, p).unwrap()
         };
-        client.generate_cpace_alloc(x_pub, &salt, params, Scrypt)?
+        client.generate_cpace_alloc(x_pub, &salt, params, Scrypt::default())?
     } else {
         panic!("Received invalid server message {:?}", server_message);
     };

diff --git a/aucpace/tests/test_key_agreement_strong.rs b/aucpace/tests/test_key_agreement_strong.rs
@@ -244,7 +244,8 @@ fn init() -> Result<(Client, Server, SingleUserDatabase)> {
 
     // register a user in the database
     let params = Params::RECOMMENDED;
-    let registration = base_client.register_alloc_strong(USERNAME, PASSWORD, params, Scrypt)?;
+    let registration =
+        base_client.register_alloc_strong(USERNAME, PASSWORD, params, Scrypt::default())?;
     if let ClientMessage::StrongRegistration {
         username,
         secret_exponent,
@@ -299,7 +300,7 @@ fn test_core(
 
             Params::new(log_n, r, p).unwrap()
         };
-        client.generate_cpace_alloc(x_pub, blinded_salt, params, Scrypt)?
+        client.generate_cpace_alloc(x_pub, blinded_salt, params, Scrypt::default())?
     } else {
         panic!("Received invalid server message {:?}", server_message);
     };

diff --git a/aucpace/tests/test_key_agreement_strong_partial_aug.rs b/aucpace/tests/test_key_agreement_strong_partial_aug.rs
@@ -281,7 +281,8 @@ fn init() -> Result<(Client, Server, SingleUserDatabase)> {
 
     // register a user in the database
     let params = Params::RECOMMENDED;
-    let registration = base_client.register_alloc_strong(USERNAME, PASSWORD, params, Scrypt)?;
+    let registration =
+        base_client.register_alloc_strong(USERNAME, PASSWORD, params, Scrypt::default())?;
     if let ClientMessage::StrongRegistration {
         username,
         secret_exponent,
@@ -338,7 +339,7 @@ fn test_core(
 
             Params::new(log_n, r, p).unwrap()
         };
-        client.generate_cpace_alloc(x_pub, blinded_salt, params, Scrypt)?
+        client.generate_cpace_alloc(x_pub, blinded_salt, params, Scrypt::default())?
     } else {
         panic!("Received invalid server message {:?}", server_message);
     };

diff --git a/spake2/Cargo.toml b/spake2/Cargo.toml
@@ -15,8 +15,8 @@ edition = "2024"
 rust-version = "1.85"
 
 [dependencies]
-curve25519-dalek = { version = "5.0.0-pre.3", default-features = false, features = ["rand_core"] }
-rand_core = { version = "0.10.0-rc-3", default-features = false }
+curve25519-dalek = { version = "5.0.0-pre.4", default-features = false, features = ["rand_core"] }
+rand_core = { version = "0.10.0-rc-5", default-features = false }
 sha2 = { version = "0.11.0-rc.3", default-features = false }
 hkdf = { version = "0.13.0-rc.3", default-features = false }
 

diff --git a/spake2/src/lib.rs b/spake2/src/lib.rs
@@ -323,7 +323,7 @@ impl<G: Group> Spake2<G> {
     #[cfg(feature = "getrandom")]
     #[must_use]
     pub fn start_a(password: &Password, id_a: &Identity, id_b: &Identity) -> (Self, Vec<u8>) {
-        Self::start_a_with_rng(password, id_a, id_b, SysRng.unwrap_mut())
+        Self::start_a_with_rng(password, id_a, id_b, &mut SysRng.unwrap_err())
     }
 
     /// Start with identity `idB`.
@@ -332,7 +332,7 @@ impl<G: Group> Spake2<G> {
     #[cfg(feature = "getrandom")]
     #[must_use]
     pub fn start_b(password: &Password, id_a: &Identity, id_b: &Identity) -> (Self, Vec<u8>) {
-        Self::start_b_with_rng(password, id_a, id_b, SysRng.unwrap_mut())
+        Self::start_b_with_rng(password, id_a, id_b, &mut SysRng.unwrap_err())
     }
 
     /// Start with symmetric identity.
@@ -341,7 +341,7 @@ impl<G: Group> Spake2<G> {
     #[cfg(feature = "getrandom")]
     #[must_use]
     pub fn start_symmetric(password: &Password, id_s: &Identity) -> (Self, Vec<u8>) {
-        Self::start_symmetric_with_rng(password, id_s, SysRng.unwrap_mut())
+        Self::start_symmetric_with_rng(password, id_s, &mut SysRng.unwrap_err())
     }
 
     /// Start with identity `idA` and the provided cryptographically secure RNG.

diff --git a/srp/Cargo.toml b/srp/Cargo.toml
@@ -17,9 +17,9 @@ edition = "2024"
 rust-version = "1.85"
 
 [dependencies]
-bigint = { package = "crypto-bigint", version = "0.7.0-rc.18", features = ["alloc"] }
-common = { package = "crypto-common", version = "0.2.0-rc.9" }
-digest = "0.11.0-rc.5"
+bigint = { package = "crypto-bigint", version = "0.7.0-rc.21", features = ["alloc"] }
+common = { package = "crypto-common", version = "0.2.0-rc.11" }
+digest = "0.11.0-rc.7"
 subtle = { version = "2.4", default-features = false }
 
 [dev-dependencies]