password: Hashing and checking of passwords
A library providing functionality for working with plain-text and hashed passwords with different types of algorithms.
API
Every supported hashing algorithm has its own module (e.g. Data.Password.Bcrypt)
which exports its own hashPassword and checkPassword functions, as well as all the
types and functions in this module. If you are not sure about the specifics of an
algorithm you want to use, you can rest assured that by using the hashPassword function
of the respective algorithm you are not making any big mistakes, security-wise.
Of course, if you know what you're doing and you want more fine-grained control
over the hashing function, you can adjust it using the hashPasswordWithParams
function of the respective algorithm.
Algorithms
Generally, the most "secure" algorithm is believed to be Argon2, then scrypt,
then bcrypt, and lastly PBKDF2.
bcrypt and PBKDF2 are the most established algorithms, so they have been tried and
tested, though they both lack a memory cost, and therefore have a greater vulnerability
to specialized hardware attacks.
When choosing an algorithm, and you have no idea which to pick, just go for bcrypt if
your password does not need the highest security possible.
It's still a fine way for hashing passwords, and the cost is easily adjustable if needed.
If your needs do require stronger protection, you should find someone who can advise you
on this topic. (And if you're already knowledgeable enough, you know what to do)
[Skip to Readme]
Modules
[Index] [Quick Jump]
Flags
Manual Flags
| Name | Description | Default |
|---|---|---|
| argon2 | Compile with Argon2 support? | Enabled |
| bcrypt | Compile with bcrypt support? | Enabled |
| crypton | Use the [crypton] library as the cryptographic backend. (Does nothing since version 3.1.0.0; might be removed in a future major version) | Disabled |
| cryptonite | Use the [cryptonite] library as the cryptographic backend. | Disabled |
| pbkdf2 | Compile with PBKDF2 support? | Enabled |
| scrypt | Compile with scrypt support? | Enabled |
Use -f <flag> to enable a flag, or -f -<flag> to disable that flag. More info
Downloads
- password-3.1.0.1.tar.gz [browse] (Cabal source package)
- Package description (as included in the package)
Maintainer's Corner
For package maintainers and hackage trustees
Candidates
- No Candidates
| Versions [RSS] | 0.1.0.0, 0.1.0.1, 1.0.0.0, 2.0.0.0, 2.0.0.1, 2.0.1.0, 2.0.1.1, 2.1.0.0, 2.1.1.0, 3.0.0.0, 3.0.1.0, 3.0.2.0, 3.0.2.1, 3.0.3.0, 3.0.4.0, 3.1.0.0, 3.1.0.1 |
|---|---|
| Change log | ChangeLog.md |
| Dependencies | base (>=4.9 && <5), base64 (>=0.3 && <1.1), bytestring (>=0.9 && <0.13), crypton (>=0.31 && <1.1), memory (<1), password-types (<2), template-haskell, text (>=1.2.2 && <3) [details] |
| License | BSD-3-Clause |
| Copyright | Copyright (c) Dennis Gosnell, 2019; Felix Paulusma, 2020 |
| Author | Dennis Gosnell, Felix Paulusma |
| Maintainer | cdep.illabout@gmail.com, felix.paulusma@gmail.com |
| Category | Data |
| Home page | https://github.com/cdepillabout/password/tree/master/password#readme |
| Bug tracker | https://github.com/cdepillabout/password/issues |
| Source repo | head: git clone https://github.com/cdepillabout/password |
| Uploaded | by cdepillabout at 2024-11-10T08:17:45Z |
| Distributions | LTSHaskell:3.0.4.0, NixOS:3.0.4.0, Stackage:3.1.0.1 |
| Reverse Dependencies | 4 direct, 3 indirect [details] |
| Downloads | 4447 total (114 in the last 30 days) |
| Rating | 2.25 (votes: 2) [estimated by Bayesian average] |
| Your Rating | |
| Status | Docs uploaded by user Build status unknown [no reports yet] |
Readme for password-3.1.0.1
[back to package description]password
This library provides functions for working with passwords and password hashes in Haskell.
Currently supports the following algorithms:
PBKDF2bcryptscryptArgon2
Also, see the password-instances package for instances for common typeclasses.