BSD-3-Clause licensed by Dennis Gosnell, Felix Paulusma
This version can be pinned in stack with:password-,2471


Build Status Hackage Stackage LTS Stackage Nightly BSD3 license

This library provides datatypes and functions for working with passwords and password hashes in Haskell.

Currently supports the following algorithms:

  • PBKDF2
  • bcrypt
  • scrypt
  • Argon2

Also, see the password-instances package for instances for common typeclasses.


Changelog for password

  • Switched checking hashes to using Data.ByteArray.constEq, instead of the default (==) method of ByteString. This is to make it more secure against timing attacks. #16 Thanks to maralorn (@maralorn) for bringing this up.

  • Fixed README markdown for hackage.

  • Complete overhaul of the library to include hashing and checking passwords with not just scrypt, but also PBKDF2, bcrypt and Argon2. #8
  • cryptonite is now used as a dependency, instead of the scrypt package. #8
  • Done away with abbreviating “password” (Pass/pass -> Password/password) #8
  • Removed unsafeShowPasswordText and changed unsafeShowPassword to be Password -> Text. (Anyone who needs it to be a String knows where to find Data.Text.unpack) #8
  • GHC versions < 8.2 are no longer actively supported. (Tested to work for GHC 8.2.2)

  • hashPassWithSalt has switched function arguments for better currying. #6 Although be warned that multiple passwords should not be hashed with the same salt.
  • Removed Read instance from Pass and added Show instance. #6 See #5 for justification of this.
  • newSalt is now MonadIO m instead of IO. #6
  • PassCheckSucc has been renamed to PassCheckSuccess. #6
  • Hide data constructor from Pass and add the mkPass function to construct a Pass. #6
  • Thanks to Felix Paulusma (@Vlix) for the above changes!

  • Small fix to make sure the doctests build with stack. #3

  • Initial version.