/usr/share/doc/libghc-cryptonite-doc/html/Crypto-KDF-BCrypt.html is in libghc-cryptonite-doc 0.10-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 | <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Crypto.KDF.BCrypt</title><link href="ocean.css" rel="stylesheet" type="text/css" title="Ocean" /><script src="haddock-util.js" type="text/javascript"></script><script type="text/javascript">//<![CDATA[
window.onload = function () {pageLoad();setSynopsis("mini_Crypto-KDF-BCrypt.html");};
//]]>
</script></head><body><div id="package-header"><ul class="links" id="page-menu"><li><a href="src/Crypto-KDF-BCrypt.html">Source</a></li><li><a href="index.html">Contents</a></li><li><a href="doc-index.html">Index</a></li></ul><p class="caption">cryptonite-0.10: Cryptography Primitives sink</p></div><div id="content"><div id="module-header"><table class="info"><tr><th>Safe Haskell</th><td>None</td></tr><tr><th>Language</th><td>Haskell2010</td></tr></table><p class="caption">Crypto.KDF.BCrypt</p></div><div id="description"><p class="caption">Description</p><div class="doc"><p>Password encoding and validation using bcrypt.</p><p>Example usasge:</p><pre class="screen"><code class="prompt">>>> </code><strong class="userinput"><code>import Crypto.KDF.BCrypt (hashPassword, validatePassword)
</code></strong><code class="prompt">>>> </code><strong class="userinput"><code>import qualified Data.ByteString.Char8 as B
</code></strong><code class="prompt">>>> </code><strong class="userinput"><code>
</code></strong><code class="prompt">>>> </code><strong class="userinput"><code>let bcryptHash = B.pack "$2a$10$MJJifxfaqQmbx1Mhsq3oq.YmMmfNhkyW4s/MS3K5rIMVfB7w0Q/OW"
</code></strong><code class="prompt">>>> </code><strong class="userinput"><code>let password = B.pack "password"
</code></strong><code class="prompt">>>> </code><strong class="userinput"><code>validatePassword password bcryptHash
</code></strong><code class="prompt">>>> </code><strong class="userinput"><code>True
</code></strong><code class="prompt">>>> </code><strong class="userinput"><code>let otherPassword = B.pack "otherpassword"
</code></strong><code class="prompt">>>> </code><strong class="userinput"><code>otherHash <- hashPassword 12 otherPasssword :: IO B.ByteString
</code></strong><code class="prompt">>>> </code><strong class="userinput"><code>validatePassword otherPassword otherHash
</code></strong><code class="prompt">>>> </code><strong class="userinput"><code>True
</code></strong></pre><p>See <a href="https://www.usenix.org/conference/1999-usenix-annual-technical-conference/future-adaptable-password-scheme">https://www.usenix.org/conference/1999-usenix-annual-technical-conference/future-adaptable-password-scheme</a>
for details of the original algorithm.</p><p>The functions <code>hashPassword</code> and <code>validatePassword</code> should be all that
most users need.</p><p>Hashes are strings of the form
<code>$2a$10$MJJifxfaqQmbx1Mhsq3oq.YmMmfNhkyW4s<em>MS3K5rIMVfB7w0Q</em>OW</code> which
encode a version number, an integer cost parameter and the concatenated
salt and hash bytes (each separately Base64 encoded. Incrementing the
cost parameter approximately doubles the time taken to calculate the hash.</p><p>The different version numbers have evolved because of bugs in the standard
C implementations. The most up to date version is <code>2b</code> and this
implementation the <code>2b</code> version prefix, but will also attempt to validate
against hashes with versions <code>2a</code> and <code>2y</code>. Version <code>2</code> or <code>2x</code> will be
rejected. No attempt is made to differentiate between the different versions
when validating a password, but in practice this shouldn't cause any problems
if passwords are UTF-8 encoded (which they should be).</p><p>The cost parameter can be between 4 and 31 inclusive, but anything less than
10 is probably not strong enough. High values may be prohibitively slow
depending on your hardware. Choose the highest value you can without having
an unacceptable impact on your users. The cost parameter can also be varied
depending on the account, since it is unique to an individual hash.</p></div></div><div id="synopsis"><p id="control.syn" class="caption expander" onclick="toggleSection('syn')">Synopsis</p><ul id="section.syn" class="hide" onclick="toggleSection('syn')"><li class="src short"><a href="#v:hashPassword">hashPassword</a> :: (<a href="Crypto-Random-Types.html#t:MonadRandom">MonadRandom</a> m, <a href="file:///usr/share/doc/libghc-memory-doc/html/Data-ByteArray.html#t:ByteArray">ByteArray</a> password, <a href="file:///usr/share/doc/libghc-memory-doc/html/Data-ByteArray.html#t:ByteArray">ByteArray</a> hash) => <a href="file:///usr/share/doc/ghc-doc/html/libraries/base-4.8.2.0/Data-Int.html#t:Int">Int</a> -> password -> m hash</li><li class="src short"><a href="#v:validatePassword">validatePassword</a> :: (<a href="file:///usr/share/doc/libghc-memory-doc/html/Data-ByteArray.html#t:ByteArray">ByteArray</a> password, <a href="file:///usr/share/doc/libghc-memory-doc/html/Data-ByteArray.html#t:ByteArray">ByteArray</a> hash) => password -> hash -> <a href="file:///usr/share/doc/ghc-doc/html/libraries/base-4.8.2.0/Data-Bool.html#t:Bool">Bool</a></li><li class="src short"><a href="#v:validatePasswordEither">validatePasswordEither</a> :: (<a href="file:///usr/share/doc/libghc-memory-doc/html/Data-ByteArray.html#t:ByteArray">ByteArray</a> password, <a href="file:///usr/share/doc/libghc-memory-doc/html/Data-ByteArray.html#t:ByteArray">ByteArray</a> hash) => password -> hash -> <a href="file:///usr/share/doc/ghc-doc/html/libraries/base-4.8.2.0/Data-Either.html#t:Either">Either</a> <a href="file:///usr/share/doc/ghc-doc/html/libraries/base-4.8.2.0/Data-String.html#t:String">String</a> <a href="file:///usr/share/doc/ghc-doc/html/libraries/base-4.8.2.0/Data-Bool.html#t:Bool">Bool</a></li><li class="src short"><a href="#v:bcrypt">bcrypt</a> :: (<a href="file:///usr/share/doc/libghc-memory-doc/html/Data-ByteArray.html#t:ByteArray">ByteArray</a> salt, <a href="file:///usr/share/doc/libghc-memory-doc/html/Data-ByteArray.html#t:ByteArray">ByteArray</a> password, <a href="file:///usr/share/doc/libghc-memory-doc/html/Data-ByteArray.html#t:ByteArray">ByteArray</a> output) => <a href="file:///usr/share/doc/ghc-doc/html/libraries/base-4.8.2.0/Data-Int.html#t:Int">Int</a> -> salt -> password -> output</li></ul></div><div id="interface"><h1>Documentation</h1><div class="top"><p class="src"><a name="v:hashPassword" class="def">hashPassword</a> <a href="src/Crypto-KDF-BCrypt.html#hashPassword" class="link">Source</a></p><div class="subs arguments"><p class="caption">Arguments</p><table><tr><td class="src">:: (<a href="Crypto-Random-Types.html#t:MonadRandom">MonadRandom</a> m, <a href="file:///usr/share/doc/libghc-memory-doc/html/Data-ByteArray.html#t:ByteArray">ByteArray</a> password, <a href="file:///usr/share/doc/libghc-memory-doc/html/Data-ByteArray.html#t:ByteArray">ByteArray</a> hash)</td><td class="doc empty"> </td></tr><tr><td class="src">=> <a href="file:///usr/share/doc/ghc-doc/html/libraries/base-4.8.2.0/Data-Int.html#t:Int">Int</a></td><td class="doc"><p>The cost parameter. Should be between 4 and 31 (inclusive).
Values which lie outside this range will be adjusted accordingly.</p></td></tr><tr><td class="src">-> password</td><td class="doc"><p>The password. Should be the UTF-8 encoded bytes of the password text.</p></td></tr><tr><td class="src">-> m hash</td><td class="doc"><p>The bcrypt hash in standard format.</p></td></tr></table></div><div class="doc"><p>Create a bcrypt hash for a password with a provided cost value.
Typically used to create a hash when a new user account is registered
or when a user changes their password.</p><p>Each increment of the cost approximately doubles the time taken.
The 16 bytes of random salt will be generated internally.</p></div></div><div class="top"><p class="src"><a name="v:validatePassword" class="def">validatePassword</a> :: (<a href="file:///usr/share/doc/libghc-memory-doc/html/Data-ByteArray.html#t:ByteArray">ByteArray</a> password, <a href="file:///usr/share/doc/libghc-memory-doc/html/Data-ByteArray.html#t:ByteArray">ByteArray</a> hash) => password -> hash -> <a href="file:///usr/share/doc/ghc-doc/html/libraries/base-4.8.2.0/Data-Bool.html#t:Bool">Bool</a> <a href="src/Crypto-KDF-BCrypt.html#validatePassword" class="link">Source</a></p><div class="doc"><p>Check a password against a stored bcrypt hash when authenticating a user.</p><p>Returns <code>False</code> if the password doesn't match the hash, or if the hash is
invalid or an unsupported version.</p></div></div><div class="top"><p class="src"><a name="v:validatePasswordEither" class="def">validatePasswordEither</a> :: (<a href="file:///usr/share/doc/libghc-memory-doc/html/Data-ByteArray.html#t:ByteArray">ByteArray</a> password, <a href="file:///usr/share/doc/libghc-memory-doc/html/Data-ByteArray.html#t:ByteArray">ByteArray</a> hash) => password -> hash -> <a href="file:///usr/share/doc/ghc-doc/html/libraries/base-4.8.2.0/Data-Either.html#t:Either">Either</a> <a href="file:///usr/share/doc/ghc-doc/html/libraries/base-4.8.2.0/Data-String.html#t:String">String</a> <a href="file:///usr/share/doc/ghc-doc/html/libraries/base-4.8.2.0/Data-Bool.html#t:Bool">Bool</a> <a href="src/Crypto-KDF-BCrypt.html#validatePasswordEither" class="link">Source</a></p><div class="doc"><p>Check a password against a bcrypt hash</p><p>As for <code>validatePassword</code> but will provide error information if the hash is invalid or
an unsupported version.</p></div></div><div class="top"><p class="src"><a name="v:bcrypt" class="def">bcrypt</a> <a href="src/Crypto-KDF-BCrypt.html#bcrypt" class="link">Source</a></p><div class="subs arguments"><p class="caption">Arguments</p><table><tr><td class="src">:: (<a href="file:///usr/share/doc/libghc-memory-doc/html/Data-ByteArray.html#t:ByteArray">ByteArray</a> salt, <a href="file:///usr/share/doc/libghc-memory-doc/html/Data-ByteArray.html#t:ByteArray">ByteArray</a> password, <a href="file:///usr/share/doc/libghc-memory-doc/html/Data-ByteArray.html#t:ByteArray">ByteArray</a> output)</td><td class="doc empty"> </td></tr><tr><td class="src">=> <a href="file:///usr/share/doc/ghc-doc/html/libraries/base-4.8.2.0/Data-Int.html#t:Int">Int</a></td><td class="doc"><p>The cost parameter. Should be between 4 and 31 (inclusive).
Values which lie outside this range will be adjusted accordingly.</p></td></tr><tr><td class="src">-> salt</td><td class="doc"><p>The salt. Must be 16 bytes in length or an error will be raised.</p></td></tr><tr><td class="src">-> password</td><td class="doc"><p>The password. Should be the UTF-8 encoded bytes of the password text.</p></td></tr><tr><td class="src">-> output</td><td class="doc"><p>The bcrypt hash in standard format.</p></td></tr></table></div><div class="doc"><p>Create a bcrypt hash for a password with a provided cost value and salt.</p></div></div></div></div><div id="footer"><p>Produced by <a href="http://www.haskell.org/haddock/">Haddock</a> version 2.16.1</p></div></body></html>
|