Felix Paulusma
Felix Paulusma
A nice additional functionality might be a way to create new hashes after validating a password. This would be a modified version of `checkPassword` that returns a new hash that...
@agentultra shared [__an interesting PDF of the NIST__](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63b.pdf) about how to go about handling and enforcing passwords (memorized secrets) and it has some interesting guidelines that make a lot of...
After talking to someone who used `password-instances`, it's still somewhat annoying to have to make a field `Text`, just because you want to also use it with `ToJSON` to send...
This might be benificial for people who want to hash in their terminal for e.g. testing. Maybe in pipelines? Not sure how to do this securely, but it seems like...
### Your environment Which OS do you use: Ubuntu 20.04 ### Steps to reproduce - Install GHCup and use it to: - install GHC 9.6.5 and HLS 2.8 - Start...
Also updated a bit of the CI settings, since we got GHC 9.6.6 now. And the `haskell/actions/setup` is now deprecated, using `haskell-actions/setup` now.
To prevent timing attacks, sometimes you'd want to compare bytes (like hashes) in constant time, since this can give the attacker information on how far they have matched the bytes....
We now have a working CLI (AFAWK) that can be used by anyone. Adding this executable to hackage is not necessary as anyone can just build it, given this repo....
# Big bunch of releases There are a few PRs that will need some publishing done after merging. ## 1) #86 `password-cli` Since we haven't actually published the `password-cli` yet,...