| Safe Haskell | None |
|---|---|
| Language | Haskell2010 |
Crypto.Argon2
Description
Crypto.Argon2 provides bindings to the reference implementation of Argon2, the password-hashing function that won the Password Hashing Competition (PHC).
The main entry points to this module are hashEncoded, which produces a
crypt-like ASCII output; and hash which produces a ByteString (a stream
of bytes). Argon2 is a configurable hash function, and can be configured by
supplying a particular set of HashOptions - defaultHashOptions should provide
a good starting point. See HashOptions for more documentation on the particular
parameters that can be adjusted.
For access directly to the C interface, see Crypto.Argon2.FFI.
- hashEncoded :: HashOptions -> ByteString -> ByteString -> Text
- hash :: HashOptions -> ByteString -> ByteString -> ByteString
- verify :: Text -> ByteString -> Bool
- data HashOptions = HashOptions {}
- data Argon2Variant
- defaultHashOptions :: HashOptions
- data Argon2Exception
Computing hashes
Arguments
| :: HashOptions | Options pertaining to how expensive the hash is to calculate. |
| -> ByteString | The password to hash. Must be less than 4294967295 bytes. |
| -> ByteString | The salt to use when hashing. Must be less than 4294967295 bytes. |
| -> Text | The encoded password hash. |
Encode a password with a given salt and HashOptions and produce a textual
encoding of the result.
Arguments
| :: HashOptions | Options pertaining to how expensive the hash is to calculate. |
| -> ByteString | The password to hash. Must be less than 4294967295 bytes. |
| -> ByteString | The salt to use when hashing. Must be less than 4294967295 bytes. |
| -> ByteString | The un-encoded password hash. |
Encode a password with a given salt and HashOptions and produce a stream
of bytes.
Verification
verify :: Text -> ByteString -> Bool Source #
Verify that a given password could result in a given hash output.
Automatically determines the correct HashOptions based on the
encoded hash (as produced by hashEncoded).
Configuring hashing
data HashOptions Source #
Parameters that can be adjusted to change the runtime performance of the hashing.
Constructors
| HashOptions | |
Fields
| |
Instances
data Argon2Variant Source #
Which variant of Argon2 to use. You should choose the variant that is most applicable to your intention to hash inputs.
Constructors
| Argon2i | Argon2i uses data-independent memory access, which is preferred for password hashing and password-based key derivation. Argon2i is slower as it makes more passes over the memory to protect from tradeoff attacks. |
| Argon2d | Argon2d is faster and uses data-depending memory access, which makes it suitable for cryptocurrencies and applications with no threats from side-channel timing attacks. |
defaultHashOptions :: HashOptions Source #
A set of default HashOptions, taken from the argon2 executable.
defaultHashOptions::HashOptionsdefaultHashOptions=HashOptions{hashIterations= 1 ,hashMemory= 2 ^ 17 ,hashParallelism= 4 ,hashVariant=Argon2i}
Exceptions
data Argon2Exception Source #
Not all HashOptions can necessarily be used to compute hashes. If you
supply invalid HashOptions (or hashing otherwise fails) a Argon2Exception
will be throw.
Constructors
| Argon2PasswordLengthOutOfRange !CSize | The length of the supplied password is outside the range supported by |
| Argon2SaltLengthOutOfRange !CSize | The length of the supplied salt is outside the range supported by |
| Argon2MemoryUseOutOfRange !Word32 | Either too much or too little memory was requested via |
| Argon2IterationCountOutOfRange !Word32 | Either too few or too many iterations were requested via |
| Argon2ParallelismOutOfRange !Word32 | Either too much or too little parallelism was requested via |
| Argon2Exception !Int32 | An unexpected exception was throw. Please report this as a bug! |
Instances