packages feed

password 3.0.2.1 → 3.0.3.0

raw patch · 5 files changed

+60/−5 lines, 5 files

Files

ChangeLog.md view
@@ -1,5 +1,17 @@ # Changelog for `password` +## 3.0.3.0++-  Added `bcrypt` `defaultParams` used by `hashPassword`+  Thanks to [@blackheaven](https://github.com/blackheaven)+    [#70](https://github.com/cdepillabout/password/pull/70)++## 3.0.2.2++-   Added extra documentation about `bcrypt` hashes.+    Thanks to [@Vlix](https://github.com/Vlix)+    [#69](https://github.com/cdepillabout/password/pull/69)+ ## 3.0.2.1  -   Add Cabal flags to control which hashing algorithms are exported. These flags are
password.cabal view
@@ -1,7 +1,7 @@ cabal-version: 1.12  name:           password-version:        3.0.2.1+version:        3.0.3.0 category:       Data synopsis:       Hashing and checking of passwords description:@@ -99,7 +99,7 @@   build-depends:       base        >= 4.9      && < 5     , base64      >= 0.3      && < 0.5-    , bytestring  >= 0.9      && < 0.12+    , bytestring  >= 0.9      && < 0.13     , cryptonite  >= 0.15.1   && < 0.31     , memory                     < 1     , password-types             < 2
src/Data/Password/Bcrypt.hs view
@@ -27,8 +27,21 @@ though with the default cost (10) and a decently long password, the amount of time to brute-force would still be significant. -This the algorithm to use if you're not sure about your needs, but+This is the algorithm to use if you're not sure about your needs, but just want a decent, proven way to encrypt your passwords.++== Properties of a @bcrypt@ hash++The hashes generated by this library are always prefixed by the "$2b$" version prefix.++This library will accept hashes with the "$2b$", "$2y$" and "$2a$" versions. As the+"$2$" and "$2x$" versions were created with flawed algorithms.++A @bcrypt@ hash generated by this library is _ALWAYS_ 60 characters long.+Now while the very first version of @bcrypt@ would have hashes that were 59 characters long,+because of the 1 character-long "$2$" version prefix, @bcrypt@ has had a version increase shortly+after release, turning the prefix into a 2 character-long one like "$2a$" pretty+much from the very beginning. -}  module Data.Password.Bcrypt (@@ -45,6 +58,7 @@   , PasswordCheck(..)   -- * Hashing Manually (bcrypt)   , hashPasswordWithParams+  , defaultParams   , extractParams   -- ** Hashing with salt (DISADVISED)   --@@ -113,7 +127,16 @@ -- >>> hashPassword $ mkPassword "foobar" -- PasswordHash {unPasswordHash = "$2b$10$..."} hashPassword :: MonadIO m => Password -> m (PasswordHash Bcrypt)-hashPassword = hashPasswordWithParams 10+hashPassword = hashPasswordWithParams defaultParams++-- | Default parameters for the 'Bcrypt' algorithm.+--+-- >>> defaultParams+-- 10+--+-- @since 3.0.3.0+defaultParams :: Int+defaultParams = 10  -- | Hash a password with the given cost and also with the given 'Salt' -- instead of generating a random salt. Using 'hashPasswordWithSalt' is strongly __disadvised__,
src/Data/Password/Internal.hs view
@@ -24,7 +24,7 @@     -- $setup   ) where -import Control.Monad.IO.Class (MonadIO(liftIO))+import Control.Monad.IO.Class (MonadIO (liftIO)) import Crypto.Random (getRandomBytes) import Data.ByteArray (Bytes, convert) import Data.ByteString (ByteString)
test/tasty/Bcrypt.hs view
@@ -1,6 +1,9 @@+{-# LANGUAGE OverloadedStrings #-} module Bcrypt where +import Data.Text (pack) import Test.Tasty+import Test.Tasty.HUnit (testCase, assertEqual)  import Data.Password.Bcrypt @@ -13,4 +16,21 @@   , testCorrectPassword "Bcrypt (hashPassword 2)" (hashPasswordWithParams 5) checkPassword extractParams 5   , testIncorrectPassword "Bcrypt (hashPassword) fail" (hashPasswordWithParams 4) checkPassword   , testWithSalt "Bcrypt (hashPasswordWithSalt)" (hashPasswordWithSalt 4) checkPassword extractParams 4+  , testPassword "2b"+  , testPassword "2y"+  , testPassword "2a"+-- These apparently do not work.+--   , testPassword "2x"+--   , testPassword "2"   ]++-- | Tests if the version does not matter for matching the hash.+testPassword :: String -> TestTree+testPassword s =+    testCase ("Bcrypt (can check " <> s <> ")") $+        let x = checkPassword "testtest" $ hash s+            msg = "unsuccessful hash check (" <> s <> ")"+         in assertEqual msg PasswordCheckSuccess x+  where+    hash v = PasswordHash $+        "$" <> pack v <> "$10$v0mMyoUN2ZvDqsJFPH6ft.FcpX67hdXhh7tWf8/hwWZrKZ8U2Phs6"