BSD-3-Clause licensed by Dennis Gosnell, Felix Paulusma
This version can be pinned in stack with:password-,2464


Build Status Hackage Stackage LTS Stackage Nightly BSD3 license

This library provides datatypes and functions for working with passwords and password hashes in Haskell.

Currently supports the following algorithms:

  • PBKDF2
  • bcrypt
  • scrypt
  • Argon2

Also, see the password-instances package for instances for common typeclasses.


Changelog for password

  • Fixed homepage links in the .cabal files. #34 Thanks to @Radicalautistt
  • Updated the defaultPasswordPolicy and documentation of the Data.Password.Validate module using information about research done on “memorized secrets” (i.e. passwords) by the NIST. [#31] Thanks to @agentultra for pointing out the research and starting the PR. #39 Thanks to @Vlix for updating the rest of the documentation.
  • Small spelling and other documentation fixes.

  • A new Validate module has been added to dictate policies that passwords should adhere to and the necessary API to verify that they do. #26 Huge thanks to @HirotoShioi for picking up the task of adding this functionality and doing most of the groundwork. #27 Thanks to @Vlix for finishing up the API and documentation.

  • Switched checking hashes to using Data.ByteArray.constEq, instead of the default (==) method of ByteString. This is to make it more secure against timing attacks. #16 Thanks to @maralorn for bringing this up.

  • Fixed README markdown for hackage.

  • Complete overhaul of the library to include hashing and checking passwords with not just scrypt, but also PBKDF2, bcrypt and Argon2. #8
  • cryptonite is now used as a dependency, instead of the scrypt package. #8
  • Done away with abbreviating “password” (Pass/pass -> Password/password) #8
  • Removed unsafeShowPasswordText and changed unsafeShowPassword to be Password -> Text. (Anyone who needs it to be a String knows where to find Data.Text.unpack) #8
  • GHC versions < 8.2 are no longer actively supported. (Tested to work for GHC 8.2.2)

  • hashPassWithSalt has switched function arguments for better currying. #6 Although be warned that multiple passwords should not be hashed with the same salt.
  • Removed Read instance from Pass and added Show instance. #6 See #5 for justification of this.
  • newSalt is now MonadIO m instead of IO. #6
  • PassCheckSucc has been renamed to PassCheckSuccess. #6
  • Hide data constructor from Pass and add the mkPass function to construct a Pass. #6
  • Thanks to Felix Paulusma (@Vlix) for the above changes!

  • Small fix to make sure the doctests build with stack. #3

  • Initial version.