password
password copied to clipboard
datatypes and functions for easily working with passwords in Haskell
Need to try and build `password` package with `crypton-1.0.0` and make a revision on hackage if everything still works.
It might be a good idea, seeing as we had a `base64` major version bump, that we add golden tests to make sure the hashes we produce stay the same...
The same way you can turn off certain algorithms in `password` with the #63 PR, we could also have flags to turn of instances and with them dependencies of `password-instances`...
I'd argue the following: ```hs ["", version, cost, _pass] -> do guard $ elem version $ map T.pack ["2b", "2y", "2x", "2a", "2"] ``` would be preferrable over the current:...
A friend of mine pointed to this security issue, though it's not very likely to happen. Having passwords leak into swap memory is a potential security risk, as swap memory...
Seeing as some algorithms encode the password hashes in different ways, it might be a good idea to add functionality to dictate how the hash will be output (`hashPassword`) and/or...
It would be nice if the `password-instances` packages was split into separate packages, where each package just provided instances for a given Haskell package. For instance, now the `password-instances` package...
Hi @cdepillabout ! I would like to start the discussion about dropping cabal-doctest. It is deprecated, was never intended to be a sustainable solution, and poses a risk for downstream...
A nice additional functionality might be a way to create new hashes after validating a password. This would be a modified version of `checkPassword` that returns a new hash that...
@agentultra shared [__an interesting PDF of the NIST__](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63b.pdf) about how to go about handling and enforcing passwords (memorized secrets) and it has some interesting guidelines that make a lot of...