password: Hashing and checking of passwords

[ bsd3, data, library ] [ Propose Tags ] [ Report a vulnerability ]

A library providing functionality for working with plain-text and hashed passwords with different types of algorithms.

API

Every supported hashing algorithm has its own module (e.g. Data.Password.Bcrypt) which exports its own hashPassword and checkPassword functions, as well as all the types and functions in this module. If you are not sure about the specifics of an algorithm you want to use, you can rest assured that by using the hashPassword function of the respective algorithm you are not making any big mistakes, security-wise.

Of course, if you know what you're doing and you want more fine-grained control over the hashing function, you can adjust it using the hashPasswordWithParams function of the respective algorithm.

Algorithms

Generally, the most "secure" algorithm is believed to be Argon2, then scrypt, then bcrypt, and lastly PBKDF2. bcrypt and PBKDF2 are the most established algorithms, so they have been tried and tested, though they both lack a memory cost, and therefore have a greater vulnerability to specialized hardware attacks.

When choosing an algorithm, and you have no idea which to pick, just go for bcrypt if your password does not need the highest security possible. It's still a fine way for hashing passwords, and the cost is easily adjustable if needed. If your needs do require stronger protection, you should find someone who can advise you on this topic. (And if you're already knowledgeable enough, you know what to do)


[Skip to Readme]

Flags

Manual Flags

NameDescriptionDefault
argon2

Compile with Argon2 support?

Enabled
bcrypt

Compile with bcrypt support?

Enabled
crypton

Use the [crypton] library as the cryptographic backend. (Does nothing since version 3.1.0.0; might be removed in a future major version)

Disabled
cryptonite

Use the [cryptonite] library as the cryptographic backend.

Disabled
pbkdf2

Compile with PBKDF2 support?

Enabled
scrypt

Compile with scrypt support?

Enabled

Use -f <flag> to enable a flag, or -f -<flag> to disable that flag. More info

Downloads

Maintainer's Corner

Package maintainers

For package maintainers and hackage trustees

Candidates

  • No Candidates
Versions [RSS] 0.1.0.0, 0.1.0.1, 1.0.0.0, 2.0.0.0, 2.0.0.1, 2.0.1.0, 2.0.1.1, 2.1.0.0, 2.1.1.0, 3.0.0.0, 3.0.1.0, 3.0.2.0, 3.0.2.1, 3.0.3.0, 3.0.4.0, 3.1.0.0, 3.1.0.1
Change log ChangeLog.md
Dependencies base (>=4.9 && <5), base64 (>=0.3 && <1.1), bytestring (>=0.9 && <0.13), crypton (>=0.31 && <1.1), memory (<1), password-types (<2), template-haskell, text (>=1.2.2 && <3) [details]
License BSD-3-Clause
Copyright Copyright (c) Dennis Gosnell, 2019; Felix Paulusma, 2020
Author Dennis Gosnell, Felix Paulusma
Maintainer cdep.illabout@gmail.com, felix.paulusma@gmail.com
Category Data
Home page https://github.com/cdepillabout/password/tree/master/password#readme
Bug tracker https://github.com/cdepillabout/password/issues
Source repo head: git clone https://github.com/cdepillabout/password
Uploaded by cdepillabout at 2024-11-10T08:17:45Z
Distributions LTSHaskell:3.1.0.1, NixOS:3.0.4.0, Stackage:3.1.0.1
Reverse Dependencies 4 direct, 3 indirect [details]
Downloads 4491 total (44 in the last 30 days)
Rating 2.25 (votes: 2) [estimated by Bayesian average]
Your Rating
  • λ
  • λ
  • λ
Status Docs uploaded by user
Build status unknown [no reports yet]

Readme for password-3.1.0.1

[back to package description]

password

Build Status Hackage Stackage LTS Stackage Nightly BSD3 license

This library provides functions for working with passwords and password hashes in Haskell.

Currently supports the following algorithms:

  • PBKDF2
  • bcrypt
  • scrypt
  • Argon2

Also, see the password-instances package for instances for common typeclasses.