@@ -302,6 +302,15 @@ impl Alphabet for UrlSafe {
302302/// This alphabet is commonly used by bcrypt hash strings. It is provided as an
303303/// alphabet/profile building block; `base64-ng` does not parse or verify full
304304/// bcrypt password-hash records.
305+ ///
306+ /// # Security
307+ ///
308+ /// The strict [`Alphabet::decode`] implementation delegates to
309+ /// [`decode_alphabet_byte`]. That helper scans the full alphabet, but it is a
310+ /// `const fn` and does not use the additional optimizer barriers used by the
311+ /// [`ct`](crate::ct) module. Do not use strict `Engine<Bcrypt, _>` decode as a
312+ /// token, key, or password-hash verifier. Use [`crate::ct::CtEngine`] with this
313+ /// alphabet for secret-bearing comparison workflows.
305314#[ derive( Clone , Copy , Debug , Default , Eq , PartialEq ) ]
306315pub struct Bcrypt ;
307316
@@ -318,6 +327,15 @@ impl Alphabet for Bcrypt {
318327///
319328/// This alphabet is provided as an explicit legacy interoperability profile.
320329/// `base64-ng` does not parse or verify complete password-hash records.
330+ ///
331+ /// # Security
332+ ///
333+ /// The strict [`Alphabet::decode`] implementation delegates to
334+ /// [`decode_alphabet_byte`]. That helper scans the full alphabet, but it is a
335+ /// `const fn` and does not use the additional optimizer barriers used by the
336+ /// [`ct`](crate::ct) module. Do not use strict `Engine<Crypt, _>` decode as a
337+ /// token, key, or password-hash verifier. Use [`crate::ct::CtEngine`] with this
338+ /// alphabet for secret-bearing comparison workflows.
321339#[ derive( Clone , Copy , Debug , Default , Eq , PartialEq ) ]
322340pub struct Crypt ;
323341
0 commit comments