cabal-version: 1.12 name: password version: 3.0.1.0 x-revision: 3 category: Data synopsis: Hashing and checking of passwords description: A library providing functionality for working with plain-text and hashed passwords with different types of algorithms. . == API . Every supported hashing algorithm has its own module (e.g. "Data.Password.Bcrypt") which exports its own @hashPassword@ and @checkPassword@ functions, as well as all the types and functions in this module. If you are not sure about the specifics of an algorithm you want to use, you can rest assured that by using the @hashPassword@ function of the respective algorithm you are not making any big mistakes, security-wise. . Of course, if you know what you're doing and you want more fine-grained control over the hashing function, you can adjust it using the @hashPasswordWithParams@ function of the respective algorithm. . == Algorithms . Generally, the most "secure" algorithm is believed to be @Argon2@, then @scrypt@, then @bcrypt@, and lastly @PBKDF2@. @bcrypt@ and @PBKDF2@ are the most established algorithms, so they have been tried and tested, though they both lack a memory cost, and therefore have a greater vulnerability to specialized hardware attacks. . When choosing an algorithm, and you have no idea which to pick, just go for @bcrypt@ if your password does not need the highest security possible. It's still a fine way for hashing passwords, and the cost is easily adjustable if needed. If your needs do require stronger protection, you should find someone who can advise you on this topic. (And if you're already knowledgeable enough, you know what to do) homepage: https://github.com/cdepillabout/password/tree/master/password#readme bug-reports: https://github.com/cdepillabout/password/issues author: Dennis Gosnell, Felix Paulusma maintainer: cdep.illabout@gmail.com, felix.paulusma@gmail.com copyright: Copyright (c) Dennis Gosnell, 2019; Felix Paulusma, 2020 license: BSD3 license-file: LICENSE build-type: Custom extra-source-files: README.md ChangeLog.md custom-setup setup-depends: base , Cabal , cabal-doctest >=1.0.6 && <1.1 source-repository head type: git location: https://github.com/cdepillabout/password library hs-source-dirs: src exposed-modules: Data.Password.Argon2 Data.Password.Bcrypt Data.Password.PBKDF2 Data.Password.Scrypt Data.Password.Validate other-modules: Paths_password Data.Password.Internal build-depends: base >= 4.9 && < 5 , base64 >= 0.3 && < 0.5 , bytestring >= 0.10.8.1 && < 0.12 , cryptonite >= 0.15.1 , memory >= 0.14 , password-types < 2 , template-haskell , text >= 1.2.2 && < 1.3 ghc-options: -Wall default-language: Haskell2010 test-suite doctests type: exitcode-stdio-1.0 hs-source-dirs: test/doctest main-is: doctest.hs ghc-options: -threaded -O2 -rtsopts -with-rtsopts=-N build-depends: base >=4.9 && <5 , base-compat , doctest , password , QuickCheck , quickcheck-instances , template-haskell default-language: Haskell2010 test-suite password-tasty type: exitcode-stdio-1.0 hs-source-dirs: test/tasty main-is: Spec.hs other-modules: Argon2 , Bcrypt , Internal , PBKDF2 , Scrypt , TestPolicy , Validate , Paths_password ghc-options: -threaded -O2 -rtsopts -with-rtsopts=-N build-depends: base >=4.9 && <5 , password , password-types , bytestring , cryptonite , memory , quickcheck-instances , scrypt , tasty , tasty-hunit , tasty-quickcheck , text default-language: Haskell2010