Changelog for password
2.0.1.1
2.0.1.0
- Switched checking hashes to using
Data.ByteArray.constEq
, instead of
the default (==)
method of ByteString
. This is to make it more secure
against timing attacks. #16
Thanks to maralorn (@maralorn) for bringing
this up.
2.0.0.1
- Fixed README markdown for hackage.
2.0.0.0
- Complete overhaul of the library to include hashing and checking
passwords with not just
scrypt
, but also PBKDF2
, bcrypt
and
Argon2
.
#8
cryptonite
is now used as a dependency, instead of the scrypt
package.
#8
- Done away with abbreviating "password" (
Pass/pass
-> Password/password
)
#8
- Removed
unsafeShowPasswordText
and changed unsafeShowPassword
to be
Password -> Text
. (Anyone who needs it to be a String
knows where to
find Data.Text.unpack
)
#8
- GHC versions < 8.2 are no longer actively supported. (Tested to work for GHC 8.2.2)
1.0.0.0
hashPassWithSalt
has switched function arguments for better currying.
#6
Although be warned that multiple passwords
should not be hashed with the same salt.
- Removed
Read
instance from Pass
and added Show
instance.
#6
See #5
for justification of this.
newSalt
is now MonadIO m
instead of IO
.
#6
PassCheckSucc
has been renamed to PassCheckSuccess
.
#6
- Hide data constructor from
Pass
and add the mkPass
function to construct a Pass
.
#6
- Thanks to Felix Paulusma (@Vlix) for the above
changes!
0.1.0.1
- Small fix to make sure the doctests build with stack.
#3
0.1.0.0