-- Hoogle documentation, generated by Haddock
-- See Hoogle, http://www.haskell.org/hoogle/


-- | Make password-based security schemes more secure.
--   
--   Implementation of Password-Based Key Derivation Function, aka pbkdf2,
--   from RSA labs.
--   http:<i></i>tools.ietf.org<i>html</i>rfc2898#section-5.2 I'll
--   deprecate this if it's adopted into the Crypto package.
@package PBKDF2
@version 0.1


-- | Implementation of Password Based Key Derivation Function, from RSA
--   labs.
--   
--   See PKCS # 5 / RFC 2898 from rsa labs: and haskell cafe discussion on
--   why password hashing is a good idea for web apps and a suggestion that
--   this be implemented:
--   
--   <pre>
--   http://www.ietf.org/rfc/rfc2898.txt 
--   http://groups.google.com/group/fa.haskell/browse_thread/thread/66c7aeeb6e47764a/b15d9d74d68c002c
--   </pre>
module Crypto.PBKDF2

-- | A reasonable default for rsa pbkdf2.
--   
--   <pre>
--   pbkdf2 = pbkdf2' (prfSHA512,64) 5000 64
--   </pre>
--   
--   SHA512 outputs 64 bytes. At least 1000 iters is suggested by PKCS#5
--   (rsa link above). I chose 5000 because this takes my computer a little
--   over a second to compute a simple key derivation (see t test function
--   in source)
--   
--   Dklen of 64 seemed reasonable to me: if this is being stored in a
--   database, doesn't take too much space.
--   
--   Computational barriers can be raised by increasing number of iters
pbkdf2 :: Password -> Salt -> HashedPass

-- | Password Based Key Derivation Function, from RSA labs.
--   
--   <pre>
--   pbkdf2' (prf,hlen) cIters dklen (Password pass) (Salt salt) 
--   </pre>
--   
--   prf: pseudo random function
--   
--   hlen: length of prf output
--   
--   cIters: Number of iterations of prf
--   
--   dklen: Length of the derived key (hashed password)
pbkdf2' :: ([Word8] -> [Word8] -> [Word8], Integer) -> Integer -> Integer -> Password -> Salt -> HashedPass
instance Show HashedPass