password 3.0.2.1 → 3.0.3.0
raw patch · 5 files changed
+60/−5 lines, 5 files
Files
- ChangeLog.md +12/−0
- password.cabal +2/−2
- src/Data/Password/Bcrypt.hs +25/−2
- src/Data/Password/Internal.hs +1/−1
- test/tasty/Bcrypt.hs +20/−0
ChangeLog.md view
@@ -1,5 +1,17 @@ # Changelog for `password` +## 3.0.3.0++- Added `bcrypt` `defaultParams` used by `hashPassword`+ Thanks to [@blackheaven](https://github.com/blackheaven)+ [#70](https://github.com/cdepillabout/password/pull/70)++## 3.0.2.2++- Added extra documentation about `bcrypt` hashes.+ Thanks to [@Vlix](https://github.com/Vlix)+ [#69](https://github.com/cdepillabout/password/pull/69)+ ## 3.0.2.1 - Add Cabal flags to control which hashing algorithms are exported. These flags are
password.cabal view
@@ -1,7 +1,7 @@ cabal-version: 1.12 name: password-version: 3.0.2.1+version: 3.0.3.0 category: Data synopsis: Hashing and checking of passwords description:@@ -99,7 +99,7 @@ build-depends: base >= 4.9 && < 5 , base64 >= 0.3 && < 0.5- , bytestring >= 0.9 && < 0.12+ , bytestring >= 0.9 && < 0.13 , cryptonite >= 0.15.1 && < 0.31 , memory < 1 , password-types < 2
src/Data/Password/Bcrypt.hs view
@@ -27,8 +27,21 @@ though with the default cost (10) and a decently long password, the amount of time to brute-force would still be significant. -This the algorithm to use if you're not sure about your needs, but+This is the algorithm to use if you're not sure about your needs, but just want a decent, proven way to encrypt your passwords.++== Properties of a @bcrypt@ hash++The hashes generated by this library are always prefixed by the "$2b$" version prefix.++This library will accept hashes with the "$2b$", "$2y$" and "$2a$" versions. As the+"$2$" and "$2x$" versions were created with flawed algorithms.++A @bcrypt@ hash generated by this library is _ALWAYS_ 60 characters long.+Now while the very first version of @bcrypt@ would have hashes that were 59 characters long,+because of the 1 character-long "$2$" version prefix, @bcrypt@ has had a version increase shortly+after release, turning the prefix into a 2 character-long one like "$2a$" pretty+much from the very beginning. -} module Data.Password.Bcrypt (@@ -45,6 +58,7 @@ , PasswordCheck(..) -- * Hashing Manually (bcrypt) , hashPasswordWithParams+ , defaultParams , extractParams -- ** Hashing with salt (DISADVISED) --@@ -113,7 +127,16 @@ -- >>> hashPassword $ mkPassword "foobar" -- PasswordHash {unPasswordHash = "$2b$10$..."} hashPassword :: MonadIO m => Password -> m (PasswordHash Bcrypt)-hashPassword = hashPasswordWithParams 10+hashPassword = hashPasswordWithParams defaultParams++-- | Default parameters for the 'Bcrypt' algorithm.+--+-- >>> defaultParams+-- 10+--+-- @since 3.0.3.0+defaultParams :: Int+defaultParams = 10 -- | Hash a password with the given cost and also with the given 'Salt' -- instead of generating a random salt. Using 'hashPasswordWithSalt' is strongly __disadvised__,
src/Data/Password/Internal.hs view
@@ -24,7 +24,7 @@ -- $setup ) where -import Control.Monad.IO.Class (MonadIO(liftIO))+import Control.Monad.IO.Class (MonadIO (liftIO)) import Crypto.Random (getRandomBytes) import Data.ByteArray (Bytes, convert) import Data.ByteString (ByteString)
test/tasty/Bcrypt.hs view
@@ -1,6 +1,9 @@+{-# LANGUAGE OverloadedStrings #-} module Bcrypt where +import Data.Text (pack) import Test.Tasty+import Test.Tasty.HUnit (testCase, assertEqual) import Data.Password.Bcrypt @@ -13,4 +16,21 @@ , testCorrectPassword "Bcrypt (hashPassword 2)" (hashPasswordWithParams 5) checkPassword extractParams 5 , testIncorrectPassword "Bcrypt (hashPassword) fail" (hashPasswordWithParams 4) checkPassword , testWithSalt "Bcrypt (hashPasswordWithSalt)" (hashPasswordWithSalt 4) checkPassword extractParams 4+ , testPassword "2b"+ , testPassword "2y"+ , testPassword "2a"+-- These apparently do not work.+-- , testPassword "2x"+-- , testPassword "2" ]++-- | Tests if the version does not matter for matching the hash.+testPassword :: String -> TestTree+testPassword s =+ testCase ("Bcrypt (can check " <> s <> ")") $+ let x = checkPassword "testtest" $ hash s+ msg = "unsuccessful hash check (" <> s <> ")"+ in assertEqual msg PasswordCheckSuccess x+ where+ hash v = PasswordHash $+ "$" <> pack v <> "$10$v0mMyoUN2ZvDqsJFPH6ft.FcpX67hdXhh7tWf8/hwWZrKZ8U2Phs6"