packages feed

scrypt 0.3.1 → 0.3.2

raw patch · 3 files changed

+27/−23 lines, 3 filesdep +entropy

Dependencies added: entropy

Files

Crypto/Scrypt.hs view
@@ -8,7 +8,7 @@ --  information see <http://www.tarsnap.com/scrypt.html>. -- module Crypto.Scrypt (-    -- *Parameters to the @scrypt@ function+    -- * Parameters to the @scrypt@ function     -- $params      ScryptParams, scryptParams, defaultParams     -- * Password Storage@@ -20,13 +20,12 @@     ) where  import Control.Applicative-import Data.ByteString.Base64 (encode) import qualified Data.ByteString.Base64 as Base64 import Data.ByteString.Char8 hiding (map, concat) import Data.Maybe import Foreign import Foreign.C-import System.IO+import System.Entropy (getEntropy)   newtype Pass          = Pass     { unPass :: ByteString } deriving (Show, Eq)@@ -38,24 +37,24 @@ ------------------------------------------------------------------------------ -- $params ----- Scrypt takes three tuning parameters: @N@, @r@ and @p@. The parameters--- affect running time and memory usage:+-- Scrypt takes three tuning parameters: @N@, @r@ and @p@. They affect running+-- time and memory usage: -- -- /Memory usage/ is approximately @128*r*N@ bytes. Note that the---  'scryptParams' function takes @log_2(N)@ as a parameter. As an example,---  the 'defaultParams'+-- 'scryptParams' function takes @log_2(N)@ as a parameter. As an example,+-- the 'defaultParams' -----  >   log_2(N) = 14, r = 8 and p = 1+-- >   log_2(N) = 14, r = 8 and p = 1 -----  lead to 'scrypt' using @128 * 8 * 2^14 = 16M@ bytes of memory.+-- lead to 'scrypt' using @128 * 8 * 2^14 = 16M@ bytes of memory. -----  /Running time/ is proportional to all of @N@, @r@ and @p@. However---  @p@ only has an insignificant influence on memory usage an can thus be---  used to independently tune the running time of 'scrypt'.+-- /Running time/ is proportional to all of @N@, @r@ and @p@. Since it's+-- influence on memory usage is small, @p@ can be used to independently tune+-- the running time. --  -- |Encapsulates the three tuning parameters to the 'scrypt' function: @N@,---  @r@ and @p@ (see above).+-- @r@ and @p@ (see above). -- data ScryptParams = Params { logN, r, p, bufLen :: Integer} deriving (Eq) @@ -132,7 +131,8 @@ combine :: ScryptParams -> Salt -> PassHash -> EncryptedPass combine Params{..} (Salt salt) (PassHash passHash) =     EncryptedPass $ intercalate "|"-        [showBS logN, showBS r, showBS p, encode salt, encode passHash]+        [ showBS logN, showBS r, showBS p+        , Base64.encode salt, Base64.encode passHash]   where     showBS = pack . show @@ -144,15 +144,16 @@         [logN, r, p] <- mapM (fmap fst . readInteger) [logN', r', p']         params       <- scryptParams logN r p         return (params, Salt salt, PassHash hash)-    go _          = Nothing-    decodeBase64  = either (const Nothing) Just . Base64.decode+    go _         = Nothing+    decodeBase64 = either (const Nothing) Just . Base64.decode  -- |Encrypt the password with the given parameters and a random 32-byte salt.--- The salt is read from @\/dev\/urandom@.+-- The salt is read from @\/dev\/urandom@ on Unix systems or @CryptoAPI@ on+-- Windows. -- encryptPass :: ScryptParams -> Pass -> IO EncryptedPass encryptPass params pass = do-    salt <- Salt <$> withBinaryFile "/dev/urandom" ReadMode (`hGet` 32)+    salt <- Salt <$> getEntropy 32     return $ combine params salt (scrypt params salt pass)  -- |Equivalent to @encryptPass defaultParams@.@@ -231,4 +232,4 @@ -- |Note the prime symbol (\'). Calls 'scrypt' with 'defaultParams'. -- scrypt' :: Salt -> Pass -> PassHash-scrypt' = scrypt $ fromJust (scryptParams 14 8 1)+scrypt' = scrypt defaultParams
README.markdown view
@@ -1,6 +1,6 @@ # Welcome to scrypt -This is a Haskell library providing bindings to [Colin Percival's `scrypt` implementation](http://www.tarsnap.com/scrypt.html). Scrypt is a key derivation function designed to be far more secure against hardware brute-force attacks than alternative functions such as PBKDF2 or bcrypt.+This is a Haskell library providing bindings to [Colin Percival's scrypt implementation](http://www.tarsnap.com/scrypt.html). Scrypt is a key derivation function designed to be far more secure against hardware brute-force attacks than alternative functions such as PBKDF2 or bcrypt.  Details of the scrypt key derivation function are given in a paper by Colin Percival, Stronger Key Derivation via Sequential Memory-Hard Functions: [PDF](http://www.tarsnap.com/scrypt/scrypt-slides.pdf). @@ -16,4 +16,6 @@  # Authors -This library is written and maintained by Falko Peters,  <falko.peters@gmail.com>.+This library is written and maintained by Falko Peters, <falko.peters@gmail.com>.++Thanks to Thomas DuBuisson for suggesting the changes to make this package windows-compatible.
scrypt.cabal view
@@ -1,5 +1,5 @@ name:           scrypt-version:        0.3.1+version:        0.3.2 license:        BSD3 license-file:   LICENSE category:       Cryptography@@ -36,7 +36,8 @@     build-depends:         base == 4.*,         base64-bytestring == 0.1.*,-        bytestring == 0.9.*+        bytestring == 0.9.*,+        entropy == 0.2      ghc-options: -Wall     ghc-prof-options: -auto-all