cabal-version: 1.12 name: password version: 3.0.4.0 category: Data synopsis: Hashing and checking of passwords description: A library providing functionality for working with plain-text and hashed passwords with different types of algorithms. . == API . Every supported hashing algorithm has its own module (e.g. "Data.Password.Bcrypt") which exports its own @hashPassword@ and @checkPassword@ functions, as well as all the types and functions in this module. If you are not sure about the specifics of an algorithm you want to use, you can rest assured that by using the @hashPassword@ function of the respective algorithm you are not making any big mistakes, security-wise. . Of course, if you know what you're doing and you want more fine-grained control over the hashing function, you can adjust it using the @hashPasswordWithParams@ function of the respective algorithm. . == Algorithms . Generally, the most "secure" algorithm is believed to be @Argon2@, then @scrypt@, then @bcrypt@, and lastly @PBKDF2@. @bcrypt@ and @PBKDF2@ are the most established algorithms, so they have been tried and tested, though they both lack a memory cost, and therefore have a greater vulnerability to specialized hardware attacks. . When choosing an algorithm, and you have no idea which to pick, just go for @bcrypt@ if your password does not need the highest security possible. It's still a fine way for hashing passwords, and the cost is easily adjustable if needed. If your needs do require stronger protection, you should find someone who can advise you on this topic. (And if you're already knowledgeable enough, you know what to do) homepage: https://github.com/cdepillabout/password/tree/master/password#readme bug-reports: https://github.com/cdepillabout/password/issues author: Dennis Gosnell, Felix Paulusma maintainer: cdep.illabout@gmail.com, felix.paulusma@gmail.com copyright: Copyright (c) Dennis Gosnell, 2019; Felix Paulusma, 2020 license: BSD3 license-file: LICENSE build-type: Custom extra-source-files: README.md ChangeLog.md flag argon2 description: Compile with Argon2 support? default: True manual: True flag bcrypt description: Compile with bcrypt support? default: True manual: True flag crypton description: Use the [crypton] library as the cryptographic backend. default: False manual: True flag cryptonite description: Use the [cryptonite] library as the cryptographic backend. (Does nothing until a future major version) default: False manual: True flag pbkdf2 description: Compile with PBKDF2 support? default: True manual: True flag scrypt description: Compile with scrypt support? default: True manual: True custom-setup setup-depends: base <5 , Cabal <4 , cabal-doctest >=1.0.6 && <1.1 source-repository head type: git location: https://github.com/cdepillabout/password library hs-source-dirs: src exposed-modules: Data.Password.Validate if flag(argon2) exposed-modules: Data.Password.Argon2 if flag(bcrypt) exposed-modules: Data.Password.Bcrypt if flag(pbkdf2) exposed-modules: Data.Password.PBKDF2 if flag(scrypt) exposed-modules: Data.Password.Scrypt other-modules: Paths_password Data.Password.Internal build-depends: base >= 4.9 && < 5 , base64 >= 0.3 && < 1.1 , bytestring >= 0.9 && < 0.13 , memory < 1 , password-types < 2 , template-haskell , text >= 1.2.2 && < 3 ghc-options: -Wall default-language: Haskell2010 -- At some future major version bump, this should -- be changed to the [cryptonite] flag and that -- `if flag(cryptonite) build-depends: cryptonite` if flag(crypton) build-depends: crypton >= 0.31 && < 0.35 else build-depends: cryptonite >= 0.15.1 && < 0.31 test-suite doctests type: exitcode-stdio-1.0 hs-source-dirs: test/doctest main-is: doctest.hs ghc-options: -threaded -O2 -rtsopts -with-rtsopts=-N build-depends: base >=4.9 && <5 , base-compat , doctest , password , QuickCheck , quickcheck-instances , template-haskell default-language: Haskell2010 test-suite password-tasty type: exitcode-stdio-1.0 hs-source-dirs: src test/tasty main-is: Spec.hs other-modules: Data.Password.Internal -- We're also putting all the modules from -- the library in these 'other-modules' so -- we don't get warnings. -- Therefore we also don't need to depend -- on the 'password' package in 'build-depends'. , Data.Password.Validate , Internal , TestPolicy , Validate , Paths_password if flag(argon2) other-modules: Argon2 Data.Password.Argon2 if flag(bcrypt) other-modules: Bcrypt Data.Password.Bcrypt if flag(pbkdf2) other-modules: PBKDF2 Data.Password.PBKDF2 if flag(scrypt) other-modules: Scrypt Data.Password.Scrypt ghc-options: -threaded -O2 -rtsopts -with-rtsopts=-N build-depends: base >=4.9 && <5 , base64 , password-types , bytestring , memory , quickcheck-instances , scrypt , tasty , tasty-hunit , tasty-quickcheck , template-haskell , text default-language: Haskell2010 if flag(argon2) cpp-options: -DCABAL_FLAG_argon2 if flag(bcrypt) cpp-options: -DCABAL_FLAG_bcrypt if flag(pbkdf2) cpp-options: -DCABAL_FLAG_pbkdf2 if flag(scrypt) cpp-options: -DCABAL_FLAG_scrypt -- At some future major version bump, this should -- be changed to the [cryptonite] flag and that -- `if flag(cryptonite) build-depends: cryptonite` if flag(crypton) build-depends: crypton else build-depends: cryptonite