-- Hoogle documentation, generated by Haddock
-- See Hoogle, http://www.haskell.org/hoogle/


-- | Make password-based security schemes more secure.
--   
--   Implementation of Password-Based Key Derivation Function, aka pbkdf2,
--   from RSA labs. I'll deprecate this if it gets folded into an
--   already-existing crypto package.
@package PBKDF2
@version 0.3


-- | Implementation of Password Based Key Derivation Function, from RSA
--   labs.
--   
--   See PKCS # 5 / RFC 2898 from rsa labs: and haskell cafe discussion on
--   why password hashing is a good idea for web apps and a suggestion that
--   this be implemented:
--   
--   <pre>
--   http://www.ietf.org/rfc/rfc2898.txt 
--   http://groups.google.com/group/fa.haskell/browse_thread/thread/66c7aeeb6e47764a/b15d9d74d68c002c
--   </pre>
--   
--   <pre>
--   hashedpass = pbkdf2 ( Password . toOctets $ "password" ) ( Salt . toOctets $ "salt" )
--   </pre>
module Crypto.PBKDF2

-- | A reasonable default for rsa pbkdf2.
--   
--   <pre>
--   pbkdf2 = pbkdf2' (prfSHA512,64) 5000 64
--   </pre>
--   
--   SHA512 outputs 64 bytes. At least 1000 iters is suggested by PKCS#5
--   (rsa link above). I chose 5000 because this takes my computer a little
--   over a second to compute a simple key derivation (see t test function
--   in source)
--   
--   Dklen of 64 seemed reasonable to me: if this is being stored in a
--   database, doesn't take too much space.
--   
--   Computational barriers can be raised by increasing number of iters
pbkdf2 :: Password -> Salt -> HashedPass

-- | Password Based Key Derivation Function, from RSA labs.
--   
--   <pre>
--   pbkdf2' (prf,hlen) cIters dklen (Password pass) (Salt salt) 
--   </pre>
--   
--   prf: pseudo random function
--   
--   hlen: length of prf output
--   
--   cIters: Number of iterations of prf
--   
--   dklen: Length of the derived key (hashed password)
pbkdf2' :: ([Word8] -> [Word8] -> [Word8], Integer) -> Integer -> Integer -> Password -> Salt -> HashedPass
newtype Password
Password :: [Word8] -> Password
newtype Salt
Salt :: [Word8] -> Salt
newtype HashedPass
HashedPass :: [Word8] -> HashedPass
toOctets :: Binary a => a -> [Word8]
fromOctets :: Binary a => [Word8] -> a
instance Read HashedPass
instance Show HashedPass
instance Ord HashedPass
instance Eq HashedPass
instance Read Salt
instance Show Salt
instance Ord Salt
instance Eq Salt
instance Read Password
instance Show Password
instance Ord Password
instance Eq Password