Îõ³h$SúPk“      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’.(c) Dennis Gosnell, 2019; Felix Paulusma, 2020BSD-style (see LICENSE file)cdep.illabout@gmail.com experimentalPOSIXNone X passwordÕThe result of checking a password against a hashed version. This is returned by the  checkPassword functions.passwordØThe password check was successful. The plain-text password matches the hashed password.password×The password check failed. The plain-text password does not match the hashed password.“password#Generate a random x-byte-long salt.”password Converting • to –—password Converting – to •˜passwordDecodes a base64 • to a regular ™ (if possible)špasswordSame as › but works on •œpasswordSame as  but works on •žpassword&(UNSAFE) Pad a base64 text to "length Ÿ 4 == 0" with "=" passwordá(UNSAFE) Removes the "=" padding from a base64 text given the length of the original bytestring. “”—˜šœž (c) Felix Paulusma, 2020BSD-style (see LICENSE file)cdep.illabout@gmail.com experimentalPOSIXNone=passwordPhantom type for bcryptpassword Hash the   using the bcrypt hash algorithm.N.B.: bcryptÎ has a limit of 72 bytes as input, so anything longer than that will be cut off at the 72 byte point and thus any password that is 72 bytes or longer will match as long as the first 72 bytes are the same."hashPassword $ mkPassword "foobar",PasswordHash {unPasswordHash = "$2b$10$..."}password let correctPasswordHash = hashPasswordWithSalt 8 salt "foobar" in checkPassword badpass correctPasswordHash == PasswordCheckFailpasswordGenerate a random 16-byte bcrypt saltpasswordýThe cost parameter. Should be between 4 and 31 (inclusive). Values which lie outside this range will be adjusted accordingly.passwordÀThe salt. MUST be 16 bytes in length or an error will be raised.passwordThe password to be hashed.password#The bcrypt hash in standard format.passwordýThe cost parameter. Should be between 4 and 31 (inclusive). Values which lie outside this range will be adjusted accordingly.passwordThe password to be hashed.password#The bcrypt hash in standard format.     (c) Felix Paulusma, 2020BSD-style (see LICENSE file)cdep.illabout@gmail.com experimentalPOSIXNone #$Ùà NpasswordParameters used in the " hashing algorithm.password8Bytes to randomly generate as a unique salt, default is 16Limits are min: 8 , and max:  (2 ^ 32) - 1password+Which variant of Argon2 to use, default is password+Which version of Argon2 to use, default is passwordMemory cost, given in  kibibytes , default is 65536 (i.e. 64MB)Limits are min: 8 *  ', and max is addressing space / 2, or  (2 ^ 32) - 1, whichever is lower.password+Amount of computation realized, default is 2Limits are min: 1 , and max:  (2 ^ 32) - 1 passwordParallelism factor, default is 1Limits are min: 1 , and max:  (2 ^ 24) - 1!password'Output key length in bytes, default is 32Limits are min: 4 , and max:  (2 ^ 32) - 1"passwordPhantom type for Argon2#password Hash the   using the " hash algorithm"hashPassword $ mkPassword "foobar"ÈPasswordHash {unPasswordHash = "$argon2id$v=19$m=65536,t=2,p=1$...$..."}$passwordDefault parameters for the " algorithm. defaultParams±Argon2Params {argon2Salt = 16, argon2Variant = Argon2id, argon2Version = Version13, argon2MemoryCost = 65536, argon2TimeCost = 2, argon2Parallelism = 1, argon2OutputLength = 32}%passwordHash a password with the given  and also with the given + instead of a random generated salt using  from . (cf. & ) Using % is strongly  disadvised and & should be used instead. 3Never use a static salt in production applications!N.B.Ë: The salt HAS to be 8 bytes or more, or this function will throw an error!"let salt = Salt "abcdefghijklmnop"=hashPasswordWithSalt defaultParams salt (mkPassword "foobar")ƒPasswordHash {unPasswordHash = "$argon2id$v=19$m=65536,t=2,p=1$YWJjZGVmZ2hpamtsbW5vcA$BztdyfEefG5V18ZNlztPrfZaU5duVFKZiI6dJeWht0o"}(Note that we use an explicit ä in the example above. This is so that the example is reproducible, but in general you should use #. # generates a new  everytime it is called.)&passwordHash a password using the " algorithm with the given .N.B.Æ: If you have any doubt in your knowledge of cryptography and/or the " algorithm, please just use #.Advice to set the parameters:ÊFigure out how many threads you can use, choose "parallelism" accordingly.ÉFigure out how much memory you can use, choose "memory cost" accordingly.Decide on the maximum time xÓ you can spend on it, choose the largest "time cost" such that it takes less than x/ with your system and other parameter choices.'passwordCheck a   against a   ".Returns  on success.let pass = mkPassword "foobar"passHash <- hashPassword passcheckPassword pass passHashPasswordCheckSuccessReturns  if an incorrect   or   " is used.-let badpass = mkPassword "incorrect-password"checkPassword badpass passHashPasswordCheckFail:This should always fail if an incorrect password is given.\(Blind badpass) -> let correctPasswordHash = hashPasswordWithSalt testParams salt "foobar" in checkPassword badpass correctPasswordHash == PasswordCheckFail(passwordGenerate a random 16-byte Argon2 salt#   !"#$%&'(#" # '&$ !%( (c) Felix Paulusma, 2020BSD-style (see LICENSE file)cdep.illabout@gmail.com experimentalPOSIXNone #$à+± +password6Type of algorithm to use for hashing PBKDF2 passwords.N.B.: , and - are not considered very secure.0passwordParameters used in the 6 hashing algorithm.2password8Bytes to randomly generate as a unique salt, default is 163password/Which algorithm to use for hashing, default is /4passwordRounds to hash, default is 25,0005password'Output key length in bytes, default is 64Limits are min: 1, max: .the amount of entropy of the hashing algorithm$. This is limited automatically to 16, 20, 32, 64 for MD5, SHA1, SHA256, SHA512, respectively.6passwordPhantom type for PBKDF27password Hash the   using the 6 hash algorithm"hashPassword $ mkPassword "foobar"6PasswordHash {unPasswordHash = "sha512:25000:...:..."}8passwordDefault parameters for the 6 algorithm. defaultParamsòPBKDF2Params {pbkdf2Salt = 16, pbkdf2Algorithm = PBKDF2_SHA512, pbkdf2Iterations = 25000, pbkdf2OutputLength = 64}9passwordHash a password with the given 0 and also with the given - instead of a randomly generated salt using 2 from 0. (cf. : ) Using 9 is strongly  disadvised and : should be used instead. 3Never use a static salt in production applications!"let salt = Salt "abcdefghijklmnop"=hashPasswordWithSalt defaultParams salt (mkPassword "foobar") PasswordHash {unPasswordHash = "sha512:25000:YWJjZGVmZ2hpamtsbW5vcA==:JRElYYrOMe9OIV4LDxaLTgO9ho8fFBVofXoQcdngi7AcuH6Amvmlj2B0y6y1UtQciXXBepSCS+rpy8/vDDQvoA=="}(Note that we use an explicit ä in the example above. This is so that the example is reproducible, but in general you should use 7. 7 (and :) generates a new  everytime it is called.):passwordHash a password using the 6 algorithm with the given 0.N.B.Æ: If you have any doubt in your knowledge of cryptography and/or the 6 algorithm, please just use 7.;passwordCheck a   against a   6.Returns  on success.let pass = mkPassword "foobar"passHash <- hashPassword passcheckPassword pass passHashPasswordCheckSuccessReturns  if an incorrect   or   6 is used.-let badpass = mkPassword "incorrect-password"checkPassword badpass passHashPasswordCheckFail:This should always fail if an incorrect password is given.\(Blind badpass) -> let correctPasswordHash = hashPasswordWithSalt testParams salt "foobar" in checkPassword badpass correctPasswordHash == PasswordCheckFail<passwordGenerate a random 16-byte PBKDF2 salt  +/,-.0123456789:;<6 7 ;:8012345+/,-.9< .(c) Dennis Gosnell, 2019; Felix Paulusma, 2020BSD-style (see LICENSE file)cdep.illabout@gmail.com experimentalPOSIXNone #$8à ApasswordParameters used in the H hashing algorithm.Cpassword8Bytes to randomly generate as a unique salt, default is 32Dpassword#log2(N) rounds to hash, default is 14 (i.e. 2^14 rounds)EpasswordBlock size, default is 8Limits are min: 1 , and max: ,scryptBlockSize * scryptParallelism < 2 ^ 30FpasswordParallelism factor, default is 1Limits are min: 0 , and max: ,scryptBlockSize * scryptParallelism < 2 ^ 30Gpassword'Output key length in bytes, default is 64HpasswordPhantom type for scryptIpassword Hash the   using the H hash algorithm"hashPassword $ mkPassword "foobar"0PasswordHash {unPasswordHash = "14|8|1|...|..."}JpasswordDefault parameters for the H algorithm. defaultParamsöScryptParams {scryptSalt = 32, scryptRounds = 14, scryptBlockSize = 8, scryptParallelism = 1, scryptOutputLength = 64}KpasswordHash a password with the given A and also with the given - instead of a randomly generated salt using C from A . Using K is strongly  disadvised and L should be used instead. 3Never use a static salt in production applications!The resulting  5 has the parameters used to hash it, as well as the  appended to it, separated by |. The input  and resulting   are both base64 encoded.2let salt = Salt "abcdefghijklmnopqrstuvwxyz012345"=hashPasswordWithSalt defaultParams salt (mkPassword "foobar")®PasswordHash {unPasswordHash = "14|8|1|YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXowMTIzNDU=|nENDaqWBmPKapAqQ3//H0iBImweGjoTqn5SvBS8Mc9FPFbzq6w65maYPZaO+SPamVZRXQjARQ8Y+5rhuDhjIhw=="}(Note that we use an explicit ä in the example above. This is so that the example is reproducible, but in general you should use I. I generates a new  everytime it is called.)LpasswordHash a password using the H algorithm with the given A.N.B.Æ: If you have any doubt in your knowledge of cryptography and/or the H algorithm, please just use I."Advice for setting the parameters:Memory used is about: (2 ^ D) * E * 128 Increasing E and D+ will increase CPU time and memory used. Increasing FÌ will increase CPU time. (since this implementation, like most, runs the F+ parameter in sequence, not in parallel)MpasswordCheck a   against a   H.Returns  on success.let pass = mkPassword "foobar"passHash <- hashPassword passcheckPassword pass passHashPasswordCheckSuccessReturns  if an incorrect   or   H is used.-let badpass = mkPassword "incorrect-password"checkPassword badpass passHashPasswordCheckFail:This should always fail if an incorrect password is given.\(Blind badpass) -> let correctPasswordHash = hashPasswordWithSalt testParams salt "foobar" in checkPassword badpass correctPasswordHash == PasswordCheckFailNpasswordGenerate a random 32-byte scrypt salt  ABCDEFGHIJKLMNH I MLJABCDEFGKN ,(c) Hiroto Shioi, 2020; Felix Paulusma, 2020BSD-style (see LICENSE file)cdep.illabout@gmail.com experimentalPOSIXNone #$àOÉ)QpasswordResult of validating a  .TpasswordPossible reasons for a m to be invalidUpassword Value of o is bigger than p )InvalidLength minimumLength maximumLengthVpassword Value of p is zero or less  MaxLengthBelowZero maximumLengthWpassword÷The total of the character category amount requirements are higher than the maximum length of the password. (i.e. the ¡ signifies the total of r + q + t + s) >CategoryAmountsAboveMaxLength maximumLength totalRequiredCharsXpasswordu does not return ¢ for a c that requires at least _ characters in the passwordYpasswordPossible reasons for a   to be invalid.Zpassword Length of   is too short.[password Length of   is too long.\password 0 does not contain required number of characters.]password ( contains characters that cannot be usedcpasswordCharacter categoriesdpasswordUppercase lettersepasswordLowercase lettersfpasswordSpecial charactersgpassword ASCII digitshpasswordÇPredicate which defines the characters that can be used for a password.kpasswordA m" that has been checked to be validlpassword#In case you'd want to retrieve the m from the kmpassword#Set of policies used to validate a  .When defining your own m, please keep in mind that: The value of p must be bigger than 0 The value of p must be bigger than o.If any other field has a negative value (e.g. r), it will be defaulted to 0ÊThe total sum of all character category values (i.e. all fields ending in -Chars*) must not be larger than the value of p. The provided hó needs to allow at least one of the characters in the categories which require more than 0 characters. (e.g. if r is > 0, the u. must allow at least one of the characters in  ['a'..'z'])9or else the validation functions will return one or more Ts.8If you're unsure of what to do, please use the default: xopassword Required password minimum lengthppassword Required password maximum lengthqpassword(Required number of upper-case charactersrpassword(Required number of lower-case charactersspassword%Required number of special characterstpassword)Required number of ASCII-digit charactersupassword:Which characters are acceptable for use in passwords (cf. y)vpasswordAll ¡ fields of the m in a rowwpasswordDefault value for the m.üEnforces that a password must be between 8-64 characters long, though can easily be adjusted by using record update syntax: 7myPolicy = defaultPasswordPolicy{ minimumLength = 12 } ?Do note that this being a default policy doesn't make it a good }xpassword Unchangeable w, but guaranteed to be valid.ypasswordñThe default character set consists of uppercase and lowercase letters, numbers, and special characters from the ASCII+ character set. (i.e. everything from the ASCII# set except the control characters)zpasswordCheck if given £Ñ is a special character. (i.e. any non-alphanumeric non-control ASCII character){password Convert a c' into its associated predicate function|passwordThis function is equivalent to: } policy password == R2let pass = mkPassword "This_Is_Valid_PassWord1234"+isValidPassword defaultPasswordPolicy_ passTrue}passwordChecks if a given   adheres to the provided k.ÈIn case of an invalid password, returns the reasons why it wasn't valid.2let pass = mkPassword "This_Is_Valid_Password1234",validatePassword defaultPasswordPolicy_ pass ValidPassword~password Validate h to return ¢5 on at least one of the characters that is required.For instance, if mÈ states that the password requires at least one uppercase letter, then h6 should return True on at least one uppercase letter.password)Template Haskell validation function for ms. -{-# LANGUAGE TemplateHaskell #-} myPolicy :: m myPolicy = w'{ specialChars = 1 } myValidPolicy :: k myValidPolicy = $( myPolicy) For technical reasons, the u field is ignored and the y; is used. If, for any reason, you do need to use a custom h , please use €é and either handle the failure case at runtime and/or use a unit test to make sure your policy is valid.€passwordVerifies that a m! is valid and converts it into a k.,validatePasswordPolicy defaultPasswordPolicy Right (...)passwordDefault character setÀShould be all non-control characters in the ASCII character set.ƒpassword&N.B. This will not check order on the u„password)N.B. This will not check equality on the u1QRSTUVWXYZ[\]^_`abcgdefhijklmnopqrstuvwxyz{|}~€1}|QRS€mnopqrstuklwxhijyYZ[\]TUVWXcgdefba`_^~{zv Safe-InferredPV¤¥¦§¨©ª«¬            !"##$%&'()*+, !"-./01234456789, !":;<=>>?@ABCD, !"EFGHIJKLMNOPQRSTUVWXYZ[\]^^_`abbcdefghijklmnopqrstuvwxyz{|}~€‚ƒ„…†"‡ˆ‰Š‹ŒŽ‘’“”•–—”˜™š”›œžŸ žŸ¡žŸ¢£¤¥¦§¨©ª«'password-3.0.1.0-JZSozlXIneI3oHAVz57YJHData.Password.Argon2Data.Password.BcryptData.Password.PBKDF2Data.Password.ScryptData.Password.ValidateData.Password.InternalPaths_password&cryptonite-0.29-H7Mh80B3DK22T6qqMOvlQ2Crypto.KDF.Argon2Argon2idArgon2iArgon2dVariant Version13 Version10Version-password-types-1.0.0.0-5Kgdmk8h56z6I6olQUkBteData.Password.TypesunsafeShowPassword mkPasswordPasswordunPasswordHash PasswordHashgetSaltSalt PasswordCheckPasswordCheckSuccessPasswordCheckFailBcrypt hashPasswordhashPasswordWithSalthashPasswordWithParams checkPasswordnewSalt Argon2Params argon2Salt argon2Variant argon2Versionargon2MemoryCostargon2TimeCostargon2Parallelismargon2OutputLengthArgon2 defaultParams$fEqArgon2Params$fShowArgon2ParamsPBKDF2Algorithm PBKDF2_MD5 PBKDF2_SHA1 PBKDF2_SHA256 PBKDF2_SHA512 PBKDF2Params pbkdf2Saltpbkdf2Algorithmpbkdf2Iterationspbkdf2OutputLengthPBKDF2$fEqPBKDF2Params$fShowPBKDF2Params$fEqPBKDF2Algorithm$fShowPBKDF2Algorithm ScryptParams scryptSalt scryptRoundsscryptBlockSizescryptParallelismscryptOutputLengthScrypt$fEqScryptParams$fShowScryptParamsValidationResult ValidPasswordInvalidPasswordInvalidPolicyReason InvalidLengthMaxLengthBelowZeroCategoryAmountsAboveMaxLengthInvalidCharSetPredicate InvalidReasonPasswordTooShortPasswordTooLongNotEnoughReqCharsInvalidCharactersProvidedAmount MinimumAmountProvidedLength MaximumLength MinimumLengthCharacterCategory Uppercase LowercaseSpecialDigitCharSetPredicategetCharSetPredicateValidPasswordPolicyfromValidPasswordPolicyPasswordPolicy minimumLength maximumLengthuppercaseCharslowercaseChars specialChars digitCharscharSetPredicate allButCSPdefaultPasswordPolicydefaultPasswordPolicy_defaultCharSetPredicate isSpecialcategoryToPredicateisValidPasswordvalidatePasswordvalidateCharSetPredicatevalidatePasswordPolicyTHvalidatePasswordPolicydefaultCharSet$fShowPasswordPolicy$fOrdPasswordPolicy$fEqPasswordPolicy$fEqValidationResult$fShowValidationResult$fEqInvalidPolicyReason$fOrdInvalidPolicyReason$fShowInvalidPolicyReason$fEqInvalidReason$fOrdInvalidReason$fShowInvalidReason$fEqCharacterCategory$fOrdCharacterCategory$fShowCharacterCategory$fEqValidPasswordPolicy$fOrdValidPasswordPolicy$fShowValidPasswordPolicytoBytes text-1.2.3.2Data.Text.InternalText$memory-0.16.0-IQ0BPhL6bCa5UgykDv6ZkqData.ByteArray.BytesBytes fromBytesfrom64bytestring-0.10.10.0Data.ByteString.Internal ByteStringreadTbase Text.ReadreadshowTGHC.Showshow unsafePad64GHC.RealremunsafeRemovePad64ghc-prim GHC.TypesIntTrueCharversion getBinDir getLibDir getDynLibDir getDataDir getLibexecDir getSysconfDirgetDataFileName