úÎ8€7M   portable experimentalpjscott@iastate.edu Safe-InferredHA salt is a unique random value which is stored as part of the password $ hash. You can generate a salt with  or   , or if you  really know what you'7re doing, you can create them from your own ByteString  values with . 4PBKDF1 key-derivation function. Takes a password, a , and a number of L iterations. The number of iterations should be at least 1000, and probably K more. 5000 is a reasonable number, computing almost instantaneously. This  will give a 32-byte  + as output. Both the salt and this 32-byte O key should be stored in the password file. When a user wishes to authenticate O a password, just pass it and the salt to this function, and see if the output  matches. Hash a  9 for a given number of rounds. The number of rounds is 0 I or more. If the number of rounds specified is 0, the ByteString will be  returned unmodified.  Generate a  from 128 bits of data from /dev/urandom , with the J system RNG as a fallback. This is the function used to generate salts by  .  Generate a  from /dev/urandom.  Generate a  from . Try to parse a password hash. Encode a password hash, from a (strength, salt, hash) tuple, where  strength is an  , and both salt and hash are base64-encoded   s. LHash a password with a given strength (12 is a good default). The output of = this function can be written directly to a password file or ? database. Generates a salt using high-quality randomness from  /dev/urandom7 or (if that is not available, for example on Windows)  *, which is included in the hashed output. LHash a password with a given strength (12 is a good default), using a given N salt. The output of this function can be written directly to a password file  or database. Example: 6 >>> makePasswordSalt "hunter2" "72cd18b5ebfe6e96" 12 K "sha256|12|72cd18b5ebfe6e96|Xkki10Vus/a2SN/LgCVLTT5R30lvHSCCxH6QboV+U3E=" verifyPassword userInput pwHash verifies the password  userInput given . by the user against the stored password hash pwHash . Returns  if the  given password is correct, and  if it is not. ;Try to strengthen a password hash, by hashing it some more  times.  pwHash new_strength will return a new password  hash with strength at least  new_strength#. If the password hash already has # strength greater than or equal to  new_strength, then it is returned L unmodified. If the password hash is invalid and does not parse, it will be  returned without comment. MThis function can be used to periodically update your password database when 5 computers get faster, in order to keep up with Moore's law. This isn' t hugely  important, but it's a good idea. (Return the strength of a password hash.  Create a  from a  . The input must be at least 8 N characters, and can contain arbitrary bytes. Most users will not need to use  this function.  Convert a  into a  . The resulting   will be @ base64-encoded. Most users will not need to use this function. KIs the format of a password hash valid? Attempts to parse a given password  hash. Returns  if it parses correctly, and  otherwise.  Generate a 8 with 128 bits of data taken from a given random number N generator. Returns the salt and the updated random number generator. This is  meant to be used with & by people who would prefer to either 4 use their own random number generator or avoid the  monad.             pwstore-purehaskell-2.1.1Crypto.PasswordStoreSystemRandomSalt genSaltIO makePasswordmakePasswordSaltverifyPasswordstrengthenPasswordpasswordStrengthmakeSalt exportSaltisPasswordFormatValid genSaltRandompbkdf1bytestring-0.10.0.2Data.ByteString.Internal ByteString hashRoundsgenSaltDevURandomgenSaltSysRandom readPwHash writePwHashghc-prim GHC.TypesIntTrueFalseIOSaltBS