This library provides functions for working with passwords and password hashes in Haskell.
Currently supports the following algorithms:
Also, see the password-instances package for instances for common typeclasses.
- Add Cabal flags to control which hashing algorithms are exported. These flags are
scrypt. Each flag is enabled by default - disabling it will elide the corresponding module from the library. This allows downstream packagers to disable hashing algorithms which aren’t supported on certain platforms. Thanks to @ivanbakel #63
- Split the main datatypes module (`Data.Password`) into a separate package: `password-types`. The new package just contains
`Salt` and their helper functions/instances.
- Adjusted entire `password` package to use the `Data.Password.Types` from this new `password-types`. Thanks to @Vlix #40
- Argon2: fixed the producing and checking of Argon2 hashes. The base64 padding is removed when producing hashes and when checking hashes it will accept hashes with or without padding. #45
`homepage` links in the `.cabal` files. #34 Thanks to @Radicalautistt
- Updated the `defaultPasswordPolicy` and documentation of the `Data.Password.Validate` module using information about research done on “memorized secrets” (i.e. passwords) by the NIST. [#31](https://github.com/cdepillabout/password/pull/31) Thanks to @agentultra for pointing out the research and starting the PR. #39 Thanks to @Vlix for updating the rest of the documentation.
- Small spelling and other documentation fixes.
- A new `Validate` module has been added to dictate policies that passwords should adhere to and the necessary API to verify that they do. #26 Huge thanks to @HirotoShioi for picking up the task of adding this functionality and doing most of the groundwork. #27 Thanks to @Vlix for finishing up the API and documentation.
- Switched checking hashes to using `Data.ByteArray.constEq`, instead of the default
`ByteString`. This is to make it more secure against timing attacks. #16 Thanks to @maralorn for bringing this up.
- Fixed README markdown for hackage.
- Complete overhaul of the library to include hashing and checking passwords with not just `scrypt`, but also
`cryptonite` is now used as a dependency, instead of the
- Done away with abbreviating “password” (
`Password -> Text`. (Anyone who needs it to be a `String` knows where to find
- GHC versions < 8.2 are no longer actively supported. (Tested to work for GHC 8.2.2)
`hashPassWithSalt` has switched function arguments for better currying. #6 Although be warned that multiple passwords should not be hashed with the same salt.
`Show` instance. #6 See #5 for justification of this.
`MonadIO m` instead of
`PassCheckSucc` has been renamed to
- Hide data constructor from `Pass` and add the `mkPass` function to construct a
- Thanks to Felix Paulusma (@Vlix) for the above changes!
- Small fix to make sure the doctests build with stack. #3
- Initial version.
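
The Argon2 padding entry and the `Data.ByteArray.constEq` entry above, combined in an added example that is not the library's own code: a base64 hash segment is produced without padding, accepted with or without it, and compared in constant time. It assumes the `memory` and `bytestring` packages; the helper names `stripPad`, `addPad`, `encodeSegment`, `decodeSegment` and `checkDigest` are hypothetical, and the digest values are constructed.

```haskell
{-# LANGUAGE OverloadedStrings #-}
module Main (main) where

import qualified Data.ByteArray as BA
import Data.ByteArray.Encoding (Base (Base64), convertFromBase, convertToBase)
import Data.ByteString (ByteString)
import qualified Data.ByteString.Char8 as C8

-- Hypothetical helper: drop trailing '=' so produced segments are unpadded.
stripPad :: ByteString -> ByteString
stripPad = fst . C8.spanEnd (== '=')

-- Hypothetical helper: restore canonical padding so a strict Base64 decoder
-- accepts both forms. A remainder of 1 can never be valid Base64.
addPad :: ByteString -> Maybe ByteString
addPad bs = case C8.length stripped `mod` 4 of
  0 -> Just stripped
  2 -> Just (stripped <> "==")
  3 -> Just (stripped <> "=")
  _ -> Nothing
  where
    stripped = stripPad bs

-- Encode raw digest bytes as an unpadded Base64 segment.
encodeSegment :: ByteString -> ByteString
encodeSegment = stripPad . convertToBase Base64

-- Decode a stored segment, padded or not; Nothing on malformed input.
decodeSegment :: ByteString -> Maybe ByteString
decodeSegment seg = do
  padded <- addPad seg
  either (const Nothing) Just (convertFromBase Base64 padded)

-- Compare a freshly computed digest with a stored segment. constEq does not
-- stop at the first differing byte, unlike (==) on ByteString.
checkDigest :: ByteString -> ByteString -> Bool
checkDigest computed stored =
  maybe False (BA.constEq computed) (decodeSegment stored)

main :: IO ()
main = do
  let digest   = "constructed-digest!!" :: ByteString -- constructed sample, not a real hash
      unpadded = encodeSegment digest
      padded   = convertToBase Base64 digest :: ByteString
  print (checkDigest digest unpadded)                 -- stored without padding
  print (checkDigest digest padded)                   -- stored with padding
  print (checkDigest "constructed-digest??" unpadded) -- different digest
  print (checkDigest digest "a")                      -- malformed segment
```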