Florian Hartwig
Florian Hartwig
We're currently using the [scrypt library](https://hackage.haskell.org/package/scrypt) to hash user passwords and service keys. [cryptonite](http://hackage.haskell.org/package/cryptonite) also does scrypt, and since we're using cryptonite anyway, we could get rid of the scrypt...
We're currently using nonces for user confirmation tokens, email reset tokens, session tokens etc. These are generated by `genRandomBytes'P` from `Thentos.Action.Core`. There is a new-ish package called [nonce](https://hackage.haskell.org/package/nonce) on hackage...
Configifier seems to silently ignore unknown command line flags. It would be nice if it could somehow throw an error instead.