botan-0.0.1.0: High-level Botan bindings
Copyright: (c) Leo D 2023
License: BSD-3-Clause
Maintainer: leo@apotheca.io
Stability: experimental
Portability: POSIX
Safe Haskell: None
Language: Haskell2010

Botan.Bcrypt

Description

Generate and validate Bcrypt password hashes

Bcrypt

Bcrypt is an adaptive password-hashing algorithm designed to protect against brute-force and rainbow-table attacks. It has a work factor that can be raised to keep resistance up as computing power increases.

Bcrypt produces digests suitable for secure storage and validation.

Bcrypt is designed to be an expensive operation, and can block for some time. Validation performs the same operation, so it can block as well.

Usage

Directly using an RNG context

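Direct usage is very simple:

{-# LANGUAGE OverloadedStrings #-}
import Botan.Bcrypt
-- Assumption: newRNG and Autoseeded are exported by the package's Botan.RNG module
import Botan.RNG

main = do
    rng <- newRNG Autoseeded
    -- Hash the password with the Fast work factor, drawing the salt from rng
    dg <- bcryptGenerateRNG rng "Fee fi fo fum!" Fast
    print dg
    -- Validation repeats the expensive hash and compares the result
    valid <- bcryptValidate "Fee fi fo fum!" dg
    print valid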

Implicitly using MonadRandomIO

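{-# LANGUAGE OverloadedStrings #-}
import Botan.Bcrypt

main = do
    -- No explicit RNG: the MonadRandomIO context supplies the randomness
    dg <- bcryptGenerate "Fee fi fo fum!" Fast
    print dg
    valid <- bcryptValidate "Fee fi fo fum!" dg
    print valid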

Work factors

data WorkFactor

A work factor representing the level of security

Constructors

Fast 
Good 
Strong 
WorkFactor BcryptWorkFactor 

Instances

Show WorkFactor
Eq WorkFactor
Ord WorkFactor

All defined in Botan.Bcrypt.

workFactor :: WorkFactor -> BcryptWorkFactor

Convert a work factor to an integer

toWorkFactor :: BcryptWorkFactor -> WorkFactor

Generating a bcrypt digest

type BcryptDigest = ByteString

A bcrypt password hash

It is a formatted bcrypt string $2a${wf}$... where wf is some integer work factor.

bcryptGenerate
    :: MonadRandomIO m
    => Password          -- The password to hash
    -> WorkFactor        -- A work factor to slow down guessing attacks
    -> m BcryptDigest

Generate a BcryptDigest password hash using Bcrypt

Output is formatted bcrypt $2a$...

bcryptGenerateRNG
    :: MonadIO m
    => RNG               -- A random number generator
    -> Password          -- The password to hash
    -> WorkFactor        -- A work factor to slow down guessing attacks
    -> m BcryptDigest

Generate a BcryptDigest password hash using Bcrypt

Uses the provided RNG.

unsafeBcryptGenerateRNG
    :: RNG               -- A random number generator
    -> Password          -- The password to hash
    -> WorkFactor        -- A work factor to slow down guessing attacks
    -> BcryptDigest

This function is unsafe as it may block for an indeterminate amount of time.

Validating a bcrypt digest

bcryptValidate
    :: MonadIO m
    => Password          -- The password to check against
    -> BcryptDigest      -- The stored hash to check against
    -> m Bool

Check a previously created digest

Returns True iff this password / digest combination is valid, and False if the combination is not valid (but otherwise well formed). On any other error it throws an exception.

unsafeBcryptValidate
    :: Password          -- The password to check against
    -> BcryptDigest      -- The stored hash to check against
    -> Bool

Check a previously created digest, unsafely.

This function is unsafe as it may block for an indeterminate amount of time.
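
Added example, not part of the package's own documentation: a login check that validates the password and then re-hashes it when the stored digest's work factor, read from the $2a${wf}$... prefix described above, is below the current policy. LoginResult, digestWorkFactor and login are hypothetical names; the code assumes Password is a ByteString and BcryptWorkFactor is an Integral type.

```haskell
{-# LANGUAGE OverloadedStrings #-}
module Main (main) where

import           Botan.Bcrypt
import           Data.ByteString       (ByteString)
import qualified Data.ByteString.Char8 as B8

-- Outcome of a login attempt (type defined for this example only).
data LoginResult
    = Rejected
    | Accepted
    | AcceptedRehashed BcryptDigest  -- caller must store this new digest

-- Read wf out of a "$2a${wf}$..." digest; Nothing if the layout is unexpected.
digestWorkFactor :: BcryptDigest -> Maybe Int
digestWorkFactor dg = case B8.split '$' dg of
    ["", _version, wf, _saltAndHash] -> case B8.readInt wf of
        Just (n, rest) | B8.null rest -> Just n
        _                             -> Nothing
    _ -> Nothing

-- Validate first, then upgrade the digest if it is weaker than the policy.
-- bcryptValidate throws an exception on error, so control only reaches the
-- rehash branch after a successful match. Assumes Password is a ByteString
-- and BcryptWorkFactor is an Integral type.
login :: WorkFactor -> ByteString -> BcryptDigest -> IO LoginResult
login policy password stored = do
    ok <- bcryptValidate password stored
    if not ok
        then pure Rejected
        else case digestWorkFactor stored of
            Just wf | wf >= fromIntegral (workFactor policy) -> pure Accepted
            _ -> AcceptedRehashed <$> bcryptGenerate password policy

main :: IO ()
main = do
    -- Constructed sample: a digest created under an older, weaker policy.
    legacy <- bcryptGenerate "Fee fi fo fum!" Fast
    result <- login Good "Fee fi fo fum!" legacy
    case result of
        Rejected             -> putStrLn "rejected"
        Accepted             -> putStrLn "accepted, digest already meets policy"
        AcceptedRehashed new -> do
            putStrLn "accepted, digest upgraded"
            print (digestWorkFactor legacy, digestWorkFactor new)
```

The re-hash can only happen at login because that is the one moment the plaintext password is available; a digest that cannot be parsed is treated as below policy and replaced.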