Cabal revisions of password-3.0.4.0
Hackage metadata revisions edit the .cabal file after upload; each diff below is one revision.
revision 1
-cabal-version: 1.12--name: password-version: 3.0.4.0-category: Data-synopsis: Hashing and checking of passwords-description:- A library providing functionality for working with plain-text and hashed passwords- with different types of algorithms.- .- == API- .- Every supported hashing algorithm has its own module (e.g. "Data.Password.Bcrypt")- which exports its own @hashPassword@ and @checkPassword@ functions, as well as all the- types and functions in this module. If you are not sure about the specifics of an- algorithm you want to use, you can rest assured that by using the @hashPassword@ function- of the respective algorithm you are not making any big mistakes, security-wise.- .- Of course, if you know what you're doing and you want more fine-grained control- over the hashing function, you can adjust it using the @hashPasswordWithParams@- function of the respective algorithm.- .- == Algorithms- .- Generally, the most "secure" algorithm is believed to be @Argon2@, then @scrypt@,- then @bcrypt@, and lastly @PBKDF2@.- @bcrypt@ and @PBKDF2@ are the most established algorithms, so they have been tried and- tested, though they both lack a memory cost, and therefore have a greater vulnerability- to specialized hardware attacks.- .- When choosing an algorithm, and you have no idea which to pick, just go for @bcrypt@ if- your password does not need the highest security possible.- It's still a fine way for hashing passwords, and the cost is easily adjustable if needed.- If your needs do require stronger protection, you should find someone who can advise you- on this topic. (And if you're already knowledgeable enough, you know what to do)--homepage: https://github.com/cdepillabout/password/tree/master/password#readme-bug-reports: https://github.com/cdepillabout/password/issues-author: Dennis Gosnell, Felix Paulusma-maintainer: cdep.illabout@gmail.com, felix.paulusma@gmail.com-copyright: Copyright (c) Dennis Gosnell, 2019; Felix Paulusma, 2020-license: BSD3-license-file: LICENSE-build-type: Custom-extra-source-files:- README.md- ChangeLog.md--flag argon2- description: Compile with Argon2 support?- default: True- manual: True--flag bcrypt- description: Compile with bcrypt support?- default: True- manual: True--flag crypton- description: Use the [crypton] library as the cryptographic backend.- default: False- manual: True--flag cryptonite- description:- Use the [cryptonite] library as the cryptographic backend.- (Does nothing until a future major version)- default: False- manual: True--flag pbkdf2- description: Compile with PBKDF2 support?- default: True- manual: True--flag scrypt- description: Compile with scrypt support?- default: True- manual: True--custom-setup- setup-depends:- base <5- , Cabal <4- , cabal-doctest >=1.0.6 && <1.1--source-repository head- type: git- location: https://github.com/cdepillabout/password--library- hs-source-dirs:- src- exposed-modules:- Data.Password.Validate- if flag(argon2)- exposed-modules:- Data.Password.Argon2- if flag(bcrypt)- exposed-modules:- Data.Password.Bcrypt- if flag(pbkdf2)- exposed-modules:- Data.Password.PBKDF2- if flag(scrypt)- exposed-modules:- Data.Password.Scrypt- other-modules:- Paths_password- Data.Password.Internal- build-depends:- base >= 4.9 && < 5- , base64 >= 0.3 && < 1.1- , bytestring >= 0.9 && < 0.13- , memory < 1- , password-types < 2- , template-haskell- , text >= 1.2.2 && < 3- ghc-options:- -Wall- default-language:- Haskell2010- -- At some future major version bump, this should- -- be changed to the [cryptonite] flag and that- -- `if flag(cryptonite) build-depends: cryptonite`- if flag(crypton)- build-depends:- crypton >= 0.31 && < 0.35- else- build-depends:- cryptonite >= 0.15.1 && < 0.31--test-suite doctests- type:- exitcode-stdio-1.0- hs-source-dirs:- test/doctest- main-is:- doctest.hs- ghc-options:- -threaded -O2 -rtsopts -with-rtsopts=-N- build-depends:- base >=4.9 && <5- , base-compat- , doctest- , password- , QuickCheck- , quickcheck-instances- , template-haskell- default-language:- Haskell2010--test-suite password-tasty- type:- exitcode-stdio-1.0- hs-source-dirs:- src- test/tasty- main-is:- Spec.hs- other-modules:- Data.Password.Internal- -- We're also putting all the modules from- -- the library in these 'other-modules' so- -- we don't get warnings.- -- Therefore we also don't need to depend- -- on the 'password' package in 'build-depends'.- , Data.Password.Validate- , Internal- , TestPolicy- , Validate- , Paths_password- if flag(argon2)- other-modules:- Argon2- Data.Password.Argon2- if flag(bcrypt)- other-modules:- Bcrypt- Data.Password.Bcrypt- if flag(pbkdf2)- other-modules:- PBKDF2- Data.Password.PBKDF2- if flag(scrypt)- other-modules:- Scrypt- Data.Password.Scrypt- ghc-options:- -threaded -O2 -rtsopts -with-rtsopts=-N- build-depends:- base >=4.9 && <5- , base64- , password-types- , bytestring- , memory- , quickcheck-instances- , scrypt- , tasty- , tasty-hunit- , tasty-quickcheck- , template-haskell- , text- default-language:- Haskell2010- if flag(argon2)- cpp-options:- -DCABAL_FLAG_argon2- if flag(bcrypt)- cpp-options:- -DCABAL_FLAG_bcrypt- if flag(pbkdf2)- cpp-options:- -DCABAL_FLAG_pbkdf2- if flag(scrypt)- cpp-options:- -DCABAL_FLAG_scrypt- -- At some future major version bump, this should- -- be changed to the [cryptonite] flag and that- -- `if flag(cryptonite) build-depends: cryptonite`- if flag(crypton)- build-depends:- crypton- else- build-depends:- cryptonite+cabal-version: 1.12 + +name: password +version: 3.0.4.0 +x-revision: 1 +category: Data +synopsis: Hashing and checking of passwords +description: + A library providing functionality for working with plain-text and hashed passwords + with different types of algorithms. + . + == API + . + Every supported hashing algorithm has its own module (e.g. "Data.Password.Bcrypt") + which exports its own @hashPassword@ and @checkPassword@ functions, as well as all the + types and functions in this module. If you are not sure about the specifics of an + algorithm you want to use, you can rest assured that by using the @hashPassword@ function + of the respective algorithm you are not making any big mistakes, security-wise. + . + Of course, if you know what you're doing and you want more fine-grained control + over the hashing function, you can adjust it using the @hashPasswordWithParams@ + function of the respective algorithm. + . + == Algorithms + . + Generally, the most "secure" algorithm is believed to be @Argon2@, then @scrypt@, + then @bcrypt@, and lastly @PBKDF2@. + @bcrypt@ and @PBKDF2@ are the most established algorithms, so they have been tried and + tested, though they both lack a memory cost, and therefore have a greater vulnerability + to specialized hardware attacks. + . + When choosing an algorithm, and you have no idea which to pick, just go for @bcrypt@ if + your password does not need the highest security possible. + It's still a fine way for hashing passwords, and the cost is easily adjustable if needed. + If your needs do require stronger protection, you should find someone who can advise you + on this topic. (And if you're already knowledgeable enough, you know what to do) + +homepage: https://github.com/cdepillabout/password/tree/master/password#readme +bug-reports: https://github.com/cdepillabout/password/issues +author: Dennis Gosnell, Felix Paulusma +maintainer: cdep.illabout@gmail.com, felix.paulusma@gmail.com +copyright: Copyright (c) Dennis Gosnell, 2019; Felix Paulusma, 2020 +license: BSD3 +license-file: LICENSE +build-type: Custom +extra-source-files: + README.md + ChangeLog.md + +flag argon2 + description: Compile with Argon2 support? + default: True + manual: True + +flag bcrypt + description: Compile with bcrypt support? + default: True + manual: True + +flag crypton + description: Use the [crypton] library as the cryptographic backend. + default: False + manual: True + +flag cryptonite + description: + Use the [cryptonite] library as the cryptographic backend. + (Does nothing until a future major version) + default: False + manual: True + +flag pbkdf2 + description: Compile with PBKDF2 support? + default: True + manual: True + +flag scrypt + description: Compile with scrypt support? + default: True + manual: True + +custom-setup + setup-depends: + base <5 + , Cabal <4 + , cabal-doctest >=1.0.6 && <1.1 + +source-repository head + type: git + location: https://github.com/cdepillabout/password + +library + hs-source-dirs: + src + exposed-modules: + Data.Password.Validate + if flag(argon2) + exposed-modules: + Data.Password.Argon2 + if flag(bcrypt) + exposed-modules: + Data.Password.Bcrypt + if flag(pbkdf2) + exposed-modules: + Data.Password.PBKDF2 + if flag(scrypt) + exposed-modules: + Data.Password.Scrypt + other-modules: + Paths_password + Data.Password.Internal + build-depends: + base >= 4.9 && < 5 + , base64 >= 0.3 && < 1.1 + , bytestring >= 0.9 && < 0.13 + , memory < 1 + , password-types < 2 + , template-haskell + , text >= 1.2.2 && < 3 + ghc-options: + -Wall + default-language: + Haskell2010 + -- At some future major version bump, this should + -- be changed to the [cryptonite] flag and that + -- `if flag(cryptonite) build-depends: cryptonite` + if flag(crypton) + build-depends: + crypton >= 0.31 && < 1.1 + else + build-depends: + cryptonite >= 0.15.1 && < 0.31 + +test-suite doctests + type: + exitcode-stdio-1.0 + hs-source-dirs: + test/doctest + main-is: + doctest.hs + ghc-options: + -threaded -O2 -rtsopts -with-rtsopts=-N + build-depends: + base >=4.9 && <5 + , base-compat + , doctest + , password + , QuickCheck + , quickcheck-instances + , template-haskell + default-language: + Haskell2010 + +test-suite password-tasty + type: + exitcode-stdio-1.0 + hs-source-dirs: + src + test/tasty + main-is: + Spec.hs + other-modules: + Data.Password.Internal + -- We're also putting all the modules from + -- the library in these 'other-modules' so + -- we don't get warnings. + -- Therefore we also don't need to depend + -- on the 'password' package in 'build-depends'. + , Data.Password.Validate + , Internal + , TestPolicy + , Validate + , Paths_password + if flag(argon2) + other-modules: + Argon2 + Data.Password.Argon2 + if flag(bcrypt) + other-modules: + Bcrypt + Data.Password.Bcrypt + if flag(pbkdf2) + other-modules: + PBKDF2 + Data.Password.PBKDF2 + if flag(scrypt) + other-modules: + Scrypt + Data.Password.Scrypt + ghc-options: + -threaded -O2 -rtsopts -with-rtsopts=-N + build-depends: + base >=4.9 && <5 + , base64 + , password-types + , bytestring + , memory + , quickcheck-instances + , scrypt + , tasty + , tasty-hunit + , tasty-quickcheck + , template-haskell + , text + default-language: + Haskell2010 + if flag(argon2) + cpp-options: + -DCABAL_FLAG_argon2 + if flag(bcrypt) + cpp-options: + -DCABAL_FLAG_bcrypt + if flag(pbkdf2) + cpp-options: + -DCABAL_FLAG_pbkdf2 + if flag(scrypt) + cpp-options: + -DCABAL_FLAG_scrypt + -- At some future major version bump, this should + -- be changed to the [cryptonite] flag and that + -- `if flag(cryptonite) build-depends: cryptonite` + if flag(crypton) + build-depends: + crypton + else + build-depends: + cryptonite