Safe Haskell | None |
---|---|
Language | Haskell98 |
A module for hashing passwords with bcrypt.
>>>
import Crypto.BCrypt
>>>
let p = Data.ByteString.Char8.pack
>>>
hashPasswordUsingPolicy slowerBcryptHashingPolicy (p "mypassword")
Just "$2y$14$xBBZdWgTa8fSU1aPFP5IxeVdUKfT7hUDjmusZEAiNBiYaYEGY/Sh6">>>
validatePassword (p "$2y$14$xBBZdWgTa8fSU1aPFP5IxeVdUKfT7hUDjmusZEAiNBiYaYEGY/Sh6") (p "badpass")
False>>>
validatePassword (p "$2y$14$xBBZdWgTa8fSU1aPFP5IxeVdUKfT7hUDjmusZEAiNBiYaYEGY/Sh6") (p "mypassword")
True>>>
hashUsesPolicy slowerBcryptHashingPolicy (p "$2y$14$xBBZdWgTa8fSU1aPFP5IxeVdUKfT7hUDjmusZEAiNBiYaYEGY/Sh6")
True>>>
hashUsesPolicy fastBcryptHashingPolicy (p "$2y$14$xBBZdWgTa8fSU1aPFP5IxeVdUKfT7hUDjmusZEAiNBiYaYEGY/Sh6")
False
- data HashingPolicy = HashingPolicy {}
- hashPasswordUsingPolicy :: HashingPolicy -> ByteString -> IO (Maybe ByteString)
- validatePassword :: ByteString -> ByteString -> Bool
- fastBcryptHashingPolicy :: HashingPolicy
- slowerBcryptHashingPolicy :: HashingPolicy
- hashUsesPolicy :: HashingPolicy -> ByteString -> Bool
- hashPassword :: ByteString -> ByteString -> Maybe ByteString
- genSalt :: ByteString -> Int -> ByteString -> Maybe ByteString
- genSaltUsingPolicy :: HashingPolicy -> IO (Maybe ByteString)
- defaultHashAlgorithm :: ByteString
Documentation
data HashingPolicy Source #
A hashing policy defines the type of password hashing to use.
HashingPolicy | |
|
hashPasswordUsingPolicy :: HashingPolicy -> ByteString -> IO (Maybe ByteString) Source #
Hashes a password, using a hashing policy.
validatePassword :: ByteString -> ByteString -> Bool Source #
Validates a password. The first argument is the hashed password, the second is the password attempt. Note: If a password validates successfully, it is a good idea to check if the password is up to the current policy using hashUsesPolicy, and re-hashing it if not.
fastBcryptHashingPolicy :: HashingPolicy Source #
A policy that allows passwords to be hashed reasonably quickly, but for that reason isn't suitable for high security applications.
slowerBcryptHashingPolicy :: HashingPolicy Source #
A policy which makes password hashing substantially slower than fastBcryptHashingPolicy, and so makes it more difficult for an adversary to decrypt passwords. In a high security environment, this policy should be regularly reviewed against hardware developments.
hashUsesPolicy :: HashingPolicy -> ByteString -> Bool Source #
Check whether a password hash is consistent with the current policy, or if it should be updated.
hashPassword :: ByteString -> ByteString -> Maybe ByteString Source #
Hashes a password (first argument) using the settings specified in second argument. The settings describe the hashing variant and salt to use; because the settings are prepended to password hashes, passing in an existing password hash will cause the same settings to be used again. You can create a hash using genSalt. Result: Just hash on success, Nothing on failure (invalid settings).
genSalt :: ByteString -> Int -> ByteString -> Maybe ByteString Source #
Prepares a settings string and salt suitable for use with hashPassword. Takes a prefix specifying the type of hash, an integer specifying the computational cost of hashing (4-32, or 0 for a low default), and a string of random entropy.
genSaltUsingPolicy :: HashingPolicy -> IO (Maybe ByteString) Source #
Generates a salt using a policy, sampling from a system-appropriate source.
defaultHashAlgorithm :: ByteString Source #
Default is compatible with other Openwall-based libraries.