pwstore-fast 2.4.2 → 2.4.3
raw patch · 2 files changed
+7/−9 lines, 2 files
Files
- Crypto/PasswordStore.hs +6/−8
- pwstore-fast.cabal +1/−1
Crypto/PasswordStore.hs view
@@ -1,4 +1,4 @@-{-# LANGUAGE OverloadedStrings, BangPatterns #-}+{-# LANGUAGE OverloadedStrings, BangPatterns, FlexibleInstances #-} {-# LANGUAGE CPP #-} -- | -- Module : Crypto.PasswordStore@@ -111,7 +111,7 @@ import qualified Data.Binary as Binary import Control.Monad import Control.Monad.ST-import Data.Byteable (toBytes)+import Data.Byteable (Byteable, toBytes, constEqBytes) import Data.STRef import Data.Bits import Data.ByteString.Char8 (ByteString)@@ -123,6 +123,7 @@ import Data.Char import Data.List import Data.Function+import qualified Data.Foldable as FL --------------------- -- Cryptographic base@@ -299,11 +300,8 @@ makePasswordSalt :: ByteString -> Salt -> Int -> ByteString makePasswordSalt = makePasswordSaltWith pbkdf1 (2^) --- | Constant-time comparison function to use instead of == when comparing with a secret-constantTimeCompare a b = - ((==) `on` length) a b && 0 == (foldl1 (.|.) joined)- where- joined = zipWith (xor `on` ord) a b+instance Byteable [Char] where+ toBytes = B.pack -- | 'verifyPasswordWith' @algorithm userInput pwHash@ verifies -- the password @userInput@ given by the user against the stored password@@ -331,7 +329,7 @@ case readPwHash pwHash of Nothing -> False Just (strength, salt, goodHash) ->- encode (algorithm userInput salt (strengthModifier strength)) `constantTimeCompare` goodHash+ encode (algorithm userInput salt (strengthModifier strength)) `constEqBytes` goodHash -- | Like 'verifyPasswordWith', but uses 'pbkdf1' as algorithm. verifyPassword :: ByteString -> ByteString -> Bool
pwstore-fast.cabal view
@@ -1,5 +1,5 @@ Name: pwstore-fast-Version: 2.4.2+Version: 2.4.3 Synopsis: Secure password storage. Description: To store passwords securely, they should be salted, then hashed with a slow hash function. This library