password
Hashing and checking of passwords
https://github.com/cdepillabout/password/tree/master/password#readme
Version on this page: | 3.0.4.0@rev:1 |
LTS Haskell 22.43: | 3.0.4.0@rev:1 |
Stackage Nightly 2024-12-03: | 3.1.0.1 |
Latest on Hackage: | 3.1.0.1 |
BSD-3-Clause licensed by Dennis Gosnell, Felix Paulusma
Maintained by [email protected], [email protected]
This version can be pinned in stack with:
password-3.0.4.0@sha256:91c29d3ec5b1525e4f0dc7dd94d05a541f9011432877f5b6e719ef79120b4c37,6390
Module documentation for 3.0.4.0
- Data
- Data.Password
Depends on 8 packages(full list with versions):
password
This library provides functions for working with passwords and password hashes in Haskell.
Currently supports the following algorithms:
PBKDF2
bcrypt
scrypt
Argon2
Also, see the password-instances package for instances for common typeclasses.
Changes
Changelog for password
3.0.4.0
- Support
base64
package up to and includingbase64-1.0
. - Added the Cabal flags
crypton
andcryptonite
to choose which dependency to build with. Right now the default iscryptonite
and settingcrypton
changes it tocrypton
. Setting thecryptonite
flag does nothing at the moment, but will replace thecrypton
flag in a future major release, so if you want to keep using thecryptonite
package you should start building with this flag. When the flags get switched thecrypton
package will be the default and thecrypton
flag will turn into a no-op, and you’ll have to supply thecryptonite
flag to build with thecryptonite
package. Thanks to @Vlix #74
3.0.3.0
- Added
bcrypt
defaultParams
used byhashPassword
Thanks to @blackheaven #70
3.0.2.2
3.0.2.1
- Add Cabal flags to control which hashing algorithms are exported. These flags are
argon2
,bcrypt
,pbkdf2
, andscrypt
. Each flag is enabled by default - disabling it will elide the corresponding module from the library. This allows downstream packagers to disable hashing algorithms which aren’t supported on certain platforms. Thanks to @ivanbakel #63
3.0.2.0
- Add
extractParams
onPasswordHash
s Thanks to @blackheaven #61
3.0.1.0
3.0.0.0
- Split the main datatypes module (
Data.Password
) into a separate package:password-types
. The new package just containsPassword
,PasswordHash
,Salt
and their helper functions/instances. - Adjusted entire
password
package to use theData.Password.Types
from this newpassword-types
. Thanks to @Vlix #40 - Argon2: fixed the producing and checking of Argon2 hashes. The base64 padding is removed when producing hashes and when checking hashes it will accept hashes with or without padding. #45
2.1.1.0
- Fixed
homepage
links in the.cabal
files. #34 Thanks to @Radicalautistt - Updated the
defaultPasswordPolicy
and documentation of theData.Password.Validate
module using information about research done on “memorized secrets” (i.e. passwords) by the NIST. [#31] https://github.com/cdepillabout/password/pull/31 Thanks to @agentultra for pointing out the research and starting the PR. #39 Thanks to @Vlix for updating the rest of the documentation. - Small spelling and other documentation fixes.
2.1.0.0
- A new
Validate
module has been added to dictate policies that passwords should adhere to and the necessary API to verify that they do. #26 Huge thanks to @HirotoShioi for picking up the task of adding this functionality and doing most of the groundwork. #27 Thanks to @Vlix for finishing up the API and documentation.
2.0.1.1
- Fixed cross-module links in the haddocks. #19 Thanks to @TristanCacqueray for fixing this.
2.0.1.0
- Switched checking hashes to using
Data.ByteArray.constEq
, instead of the default(==)
method ofByteString
. This is to make it more secure against timing attacks. #16 Thanks to @maralorn for bringing this up.
2.0.0.1
- Fixed README markdown for hackage.
2.0.0.0
- Complete overhaul of the library to include hashing and checking
passwords with not just
scrypt
, but alsoPBKDF2
,bcrypt
andArgon2
. #8 cryptonite
is now used as a dependency, instead of thescrypt
package. #8- Done away with abbreviating “password” (
Pass/pass
->Password/password
) #8 - Removed
unsafeShowPasswordText
and changedunsafeShowPassword
to bePassword -> Text
. (Anyone who needs it to be aString
knows where to findData.Text.unpack
) #8 - GHC versions < 8.2 are no longer actively supported. (Tested to work for GHC 8.2.2)
1.0.0.0
hashPassWithSalt
has switched function arguments for better currying. #6 Although be warned that multiple passwords should not be hashed with the same salt.- Removed
Read
instance fromPass
and addedShow
instance. #6 See #5 for justification of this. newSalt
is nowMonadIO m
instead ofIO
. #6PassCheckSucc
has been renamed toPassCheckSuccess
. #6- Hide data constructor from
Pass
and add themkPass
function to construct aPass
. #6 - Thanks to Felix Paulusma (@Vlix) for the above changes!
0.1.0.1
- Small fix to make sure the doctests build with stack. #3
0.1.0.0
- Initial version.