password-3.1.1.0: password.cabal
cabal-version: 1.12
name: password
version: 3.1.1.0
category: Security
synopsis: Hashing and checking of passwords
description:
A library providing functionality for working with plain-text and hashed passwords
with different types of algorithms.
.
== API
.
Every supported hashing algorithm has its own module (e.g. "Data.Password.Bcrypt")
which exports its own @hashPassword@ and @checkPassword@ functions, as well as all the
types and functions in this module. If you are not sure about the specifics of an
algorithm you want to use, you can rest assured that by using the @hashPassword@ function
of the respective algorithm you are not making any big mistakes, security-wise.
.
Of course, if you know what you're doing and you want more fine-grained control
over the hashing function, you can adjust it using the @hashPasswordWithParams@
function of the respective algorithm.
.
== Algorithms
.
Generally, the most "secure" algorithm is believed to be @Argon2@, then @scrypt@,
then @bcrypt@, and lastly @PBKDF2@.
@bcrypt@ and @PBKDF2@ are the most established algorithms, so they have been tried and
tested, though they both lack a memory cost, and therefore have a greater vulnerability
to specialized hardware attacks.
.
When choosing an algorithm, and you have no idea which to pick, just go for @bcrypt@ if
your password does not need the highest security possible.
It's still a fine way for hashing passwords, and the cost is easily adjustable if needed.
If your needs do require stronger protection, you should find someone who can advise you
on this topic. (And if you're already knowledgeable enough, you know what to do)
homepage: https://github.com/cdepillabout/password/tree/master/password#readme
bug-reports: https://github.com/cdepillabout/password/issues
author: Dennis Gosnell, Felix Paulusma
maintainer: cdep.illabout@gmail.com, felix.paulusma@gmail.com
copyright: Copyright (c) Dennis Gosnell, 2019; Felix Paulusma, 2020
license: BSD3
license-file: LICENSE
build-type: Custom
extra-source-files:
README.md
ChangeLog.md
test/golden/*.golden
flag argon2
description: Compile with Argon2 support?
default: True
manual: True
flag bcrypt
description: Compile with bcrypt support?
default: True
manual: True
flag crypton
description: Use the [crypton] library as the cryptographic backend.
(Does nothing since version 3.1.0.0; might be removed in a future major version)
default: False
manual: True
flag cryptonite
description:
Use the [cryptonite] library as the cryptographic backend.
default: False
manual: True
flag memory-dep
description: Compile with [memory] dependency instead of [ram]
default: False
-- This should NOT be manual, so that constraint solvers
-- can figure out which version of 'crypton' is used.
manual: False
flag pbkdf2
description: Compile with PBKDF2 support?
default: True
manual: True
flag scrypt
description: Compile with scrypt support?
default: True
manual: True
custom-setup
setup-depends:
base < 5
, Cabal < 4
, cabal-doctest >= 1.0.6 && < 1.1
source-repository head
type: git
location: https://github.com/cdepillabout/password
library
hs-source-dirs:
src
exposed-modules:
Data.Password.Validate
if flag(argon2)
exposed-modules:
Data.Password.Argon2
if flag(bcrypt)
exposed-modules:
Data.Password.Bcrypt
if flag(pbkdf2)
exposed-modules:
Data.Password.PBKDF2
if flag(scrypt)
exposed-modules:
Data.Password.Scrypt
other-modules:
Paths_password
Data.Password.Internal
build-depends:
base >= 4.9 && < 5
, base64 >= 0.3 && < 1.1
, bytestring >= 0.9 && < 0.13
, password-types < 2
, template-haskell >= 2.2 && < 3
, text >= 1.2.2 && < 3
ghc-options:
-Wall
default-language:
Haskell2010
-- 'cryptonite' always means 'memory'
if flag(cryptonite)
build-depends:
cryptonite >= 0.15.1 && < 0.31,
memory < 1
else
if flag(memory-dep)
build-depends:
crypton >= 0.31 && < 1.1,
memory < 1
else
build-depends:
crypton >= 1.1 && < 1.2,
ram < 1
test-suite doctests
type:
exitcode-stdio-1.0
hs-source-dirs:
test/doctest
main-is:
doctest.hs
ghc-options:
-threaded -O2 -rtsopts -with-rtsopts=-N
build-depends:
base >= 4.9 && < 5
, base-compat
, doctest
, QuickCheck
, quickcheck-instances
default-language:
Haskell2010
test-suite password-tasty
type:
exitcode-stdio-1.0
hs-source-dirs:
src
test/tasty
main-is:
Spec.hs
other-modules:
Data.Password.Internal
-- We're also putting all the modules from
-- the library in these 'other-modules' so
-- we don't get warnings.
-- Therefore we also don't need to depend
-- on the 'password' package in 'build-depends'.
, Data.Password.Validate
, Internal
, TestPolicy
, Validate
, Paths_password
if flag(argon2)
other-modules:
Argon2
Data.Password.Argon2
if flag(bcrypt)
other-modules:
Bcrypt
Data.Password.Bcrypt
if flag(pbkdf2)
other-modules:
PBKDF2
Data.Password.PBKDF2
if flag(scrypt)
other-modules:
Scrypt
Data.Password.Scrypt
ghc-options:
-threaded -O2 -rtsopts -with-rtsopts=-N
build-depends:
base >= 4.9 && < 5
, base64
, password-types
, bytestring
, memory
, quickcheck-instances
, tasty
, tasty-hunit
, tasty-golden
, tasty-quickcheck
, template-haskell
, text
default-language:
Haskell2010
if flag(argon2)
cpp-options:
-DCABAL_FLAG_argon2
if flag(bcrypt)
cpp-options:
-DCABAL_FLAG_bcrypt
if flag(pbkdf2)
cpp-options:
-DCABAL_FLAG_pbkdf2
if flag(scrypt)
cpp-options:
-DCABAL_FLAG_scrypt
-- The scrypt package is optionally used in tests to ensure compatibility
-- between password and scrypt. However, scrypt requires the x86_64 arch
-- with the SSE2 instruction set.
if arch(x86_64)
build-depends: scrypt
if flag(cryptonite)
build-depends:
cryptonite
else
build-depends:
crypton