Module documentation for 0.11.6
:warning: this library is now deprecated in favor of
cryptonite, which is
a superset of this, and also have more functionality. For new projects,
you should not use this library anymore, and preferably you should
convert old projects to
:warning: the SHA3 implementation available in Crypto.Hash.SHA3 is
not SHA3 as standardized by NIST, but Keccak as submitted for the SHA3 contest.
A matching implementation is available as Keccak in
cryptonite, although I would
recommend not to use unless you happens to really really need your digest value
to be compatible. On the other hand, the centralized
a proper SHA3 implementation (as standardized by NIST)
hs-cryptohash provides many different secure digest algorithms, also
called cryptographic hash functions or, simply, cryptohashes. The package
exports common hash functions, as well as some more exotic ones, and
provides a single API for them all.
The general performance is comparable to the most optimised implementations available.
Here is the complete list of supported algorithms:
- MD2, MD4, MD5
- SHA-2 family: 224, 256, 384, 512 and the newer 512t
- SHA-3 (aka Keccak)
- Skein: 256, 512
You can easily import any hash with the following:
import qualified Crypto.Hash.<HASH> as <Hash>
We recommend using
import qualified because the APIs are similar and
many of the modules reuse the same names. However, if you are ony using
one module, there is no need to qualify the names.
it’s based on 4 different functions, similar to the lowlevel operations of a typical hash:
- init: create a new hash context
- update: update non-destructively a new hash context with a strict bytestring
- updates: same as update, except that it takes a list of strict bytestring
- finalize: finalize the context and returns a digest bytestring.
all those operations are completely pure, and instead of changing the context as usual in others language, it re-allocates a new context each time.
One Pass API
The one pass API use the incremental API under the hood, but expose common operations to create digests out of a bytestring and lazy bytestring.
- hash: create a digest (init+update+finalize) from a strict bytestring
- hashlazy: create a digest (init+update+finalize) from a lazy bytestring
More Type safety
A more type safe API is also available from Crypto.Hash. The API provides all the supported hashes in the same namespace, through unified functions.
It introduces 2 new types, the Context type and the Digest type. Both those types are parametrized with the HashAlgorithm used.
The API is very similar to each single hash module, except the types are slightly different.
import Crypto.Hash -- use the incremental API to hash the byte [1,2,3] with SHA1 -- and print the hexadecimal digest. example1 = do let ctx = hashInit ctx' = hashUpdates ctx [ Data.ByteString.pack [1,2,3] ] dgt = hashFinalize ctx' :: Digest SHA1 putStrLn $ show dgt -- use the one-pass API to hash the byte 1,2,3 with SHA3_512 -- and print the hexadecimal digest. example2 = do let dgt = hash (Data.ByteString.pack [1,2,3]) :: Digest SHA3_512 putStrLn $ show dgt
Cryptohash uses C implementations to provide maximum performance. see the cbits directory for more information