scrypt 0.3.1 → 0.3.2
raw patch · 3 files changed
+27/−23 lines, 3 filesdep +entropy
Dependencies added: entropy
Files
- Crypto/Scrypt.hs +20/−19
- README.markdown +4/−2
- scrypt.cabal +3/−2
Crypto/Scrypt.hs view
@@ -8,7 +8,7 @@ -- information see <http://www.tarsnap.com/scrypt.html>. -- module Crypto.Scrypt (- -- *Parameters to the @scrypt@ function+ -- * Parameters to the @scrypt@ function -- $params ScryptParams, scryptParams, defaultParams -- * Password Storage@@ -20,13 +20,12 @@ ) where import Control.Applicative-import Data.ByteString.Base64 (encode) import qualified Data.ByteString.Base64 as Base64 import Data.ByteString.Char8 hiding (map, concat) import Data.Maybe import Foreign import Foreign.C-import System.IO+import System.Entropy (getEntropy) newtype Pass = Pass { unPass :: ByteString } deriving (Show, Eq)@@ -38,24 +37,24 @@ ------------------------------------------------------------------------------ -- $params ----- Scrypt takes three tuning parameters: @N@, @r@ and @p@. The parameters--- affect running time and memory usage:+-- Scrypt takes three tuning parameters: @N@, @r@ and @p@. They affect running+-- time and memory usage: -- -- /Memory usage/ is approximately @128*r*N@ bytes. Note that the--- 'scryptParams' function takes @log_2(N)@ as a parameter. As an example,--- the 'defaultParams'+-- 'scryptParams' function takes @log_2(N)@ as a parameter. As an example,+-- the 'defaultParams' ----- > log_2(N) = 14, r = 8 and p = 1+-- > log_2(N) = 14, r = 8 and p = 1 ----- lead to 'scrypt' using @128 * 8 * 2^14 = 16M@ bytes of memory.+-- lead to 'scrypt' using @128 * 8 * 2^14 = 16M@ bytes of memory. ----- /Running time/ is proportional to all of @N@, @r@ and @p@. However--- @p@ only has an insignificant influence on memory usage an can thus be--- used to independently tune the running time of 'scrypt'.+-- /Running time/ is proportional to all of @N@, @r@ and @p@. Since it's+-- influence on memory usage is small, @p@ can be used to independently tune+-- the running time. -- -- |Encapsulates the three tuning parameters to the 'scrypt' function: @N@,--- @r@ and @p@ (see above).+-- @r@ and @p@ (see above). -- data ScryptParams = Params { logN, r, p, bufLen :: Integer} deriving (Eq) @@ -132,7 +131,8 @@ combine :: ScryptParams -> Salt -> PassHash -> EncryptedPass combine Params{..} (Salt salt) (PassHash passHash) = EncryptedPass $ intercalate "|"- [showBS logN, showBS r, showBS p, encode salt, encode passHash]+ [ showBS logN, showBS r, showBS p+ , Base64.encode salt, Base64.encode passHash] where showBS = pack . show @@ -144,15 +144,16 @@ [logN, r, p] <- mapM (fmap fst . readInteger) [logN', r', p'] params <- scryptParams logN r p return (params, Salt salt, PassHash hash)- go _ = Nothing- decodeBase64 = either (const Nothing) Just . Base64.decode+ go _ = Nothing+ decodeBase64 = either (const Nothing) Just . Base64.decode -- |Encrypt the password with the given parameters and a random 32-byte salt.--- The salt is read from @\/dev\/urandom@.+-- The salt is read from @\/dev\/urandom@ on Unix systems or @CryptoAPI@ on+-- Windows. -- encryptPass :: ScryptParams -> Pass -> IO EncryptedPass encryptPass params pass = do- salt <- Salt <$> withBinaryFile "/dev/urandom" ReadMode (`hGet` 32)+ salt <- Salt <$> getEntropy 32 return $ combine params salt (scrypt params salt pass) -- |Equivalent to @encryptPass defaultParams@.@@ -231,4 +232,4 @@ -- |Note the prime symbol (\'). Calls 'scrypt' with 'defaultParams'. -- scrypt' :: Salt -> Pass -> PassHash-scrypt' = scrypt $ fromJust (scryptParams 14 8 1)+scrypt' = scrypt defaultParams
README.markdown view
@@ -1,6 +1,6 @@ # Welcome to scrypt -This is a Haskell library providing bindings to [Colin Percival's `scrypt` implementation](http://www.tarsnap.com/scrypt.html). Scrypt is a key derivation function designed to be far more secure against hardware brute-force attacks than alternative functions such as PBKDF2 or bcrypt.+This is a Haskell library providing bindings to [Colin Percival's scrypt implementation](http://www.tarsnap.com/scrypt.html). Scrypt is a key derivation function designed to be far more secure against hardware brute-force attacks than alternative functions such as PBKDF2 or bcrypt. Details of the scrypt key derivation function are given in a paper by Colin Percival, Stronger Key Derivation via Sequential Memory-Hard Functions: [PDF](http://www.tarsnap.com/scrypt/scrypt-slides.pdf). @@ -16,4 +16,6 @@ # Authors -This library is written and maintained by Falko Peters, <falko.peters@gmail.com>.+This library is written and maintained by Falko Peters, <falko.peters@gmail.com>.++Thanks to Thomas DuBuisson for suggesting the changes to make this package windows-compatible.
scrypt.cabal view
@@ -1,5 +1,5 @@ name: scrypt-version: 0.3.1+version: 0.3.2 license: BSD3 license-file: LICENSE category: Cryptography@@ -36,7 +36,8 @@ build-depends: base == 4.*, base64-bytestring == 0.1.*,- bytestring == 0.9.*+ bytestring == 0.9.*,+ entropy == 0.2 ghc-options: -Wall ghc-prof-options: -auto-all