packages feed

pwstore-purehaskell 2.1.1 → 2.1.2

raw patch · 2 files changed

+12/−2 lines, 2 files

Files

Crypto/PasswordStore.hs view
@@ -95,6 +95,10 @@ import System.Random import Data.Maybe import Control.Exception as E+import Data.Bits+import Data.Char+import Data.List+import Data.Function  --------------------- -- Cryptographic base@@ -188,6 +192,12 @@ makePasswordSalt password salt strength = writePwHash (strength, salt, hash)     where hash = encode $ pbkdf1 password salt (2^strength) +-- | Constant-time comparison function to use instead of == when comparing with a secret+constantTimeCompare a b = +  ((==) `on` length) a b && 0 == (foldl1 (.|.) joined)+  where+    joined = zipWith (xor `on` ord) a b+ -- | @verifyPassword userInput pwHash@ verifies the password @userInput@ given -- by the user against the stored password hash @pwHash@.  Returns 'True' if the -- given password is correct, and 'False' if it is not.@@ -196,7 +206,7 @@     case readPwHash pwHash of       Nothing -> False       Just (strength, salt, goodHash) ->-          (encode $ pbkdf1 userInput salt (2^strength)) == goodHash+          (encode $ pbkdf1 userInput salt (2^strength)) `constantTimeCompare` goodHash  -- | Try to strengthen a password hash, by hashing it some more -- times. @'strengthenPassword' pwHash new_strength@ will return a new password
pwstore-purehaskell.cabal view
@@ -1,5 +1,5 @@ Name:                pwstore-purehaskell-Version:             2.1.1+Version:             2.1.2 Synopsis:            Secure password storage, in pure Haskell. Description:         To store passwords securely, they should be salted,                      then hashed with a slow hash function. This library