<div dir="auto">Hi Pietro,</div><div dir="auto"><br></div><div dir="auto">The hash algorithm you linked to is not a pure hash function.</div><div dir="auto"><br></div><div dir="auto">Using pure hash functions for passwords make the resulting hashes vulnerable to dictionary attacks.</div><div dir="auto"><br></div><div dir="auto">The bcrypt algorithm incorporates random data—hence the use of MonadRandom—called a salt, to generate a password hash resistant to dictionary attacks.</div><div dir="auto"><br></div><div dir="auto">(You’d probably get better answers to such questions on the cafe mailing list. You seem to be well beyond the LYAH level, more power to you!)</div><div dir="auto"><br></div><div dir="auto">Best, Kim-Ee</div><div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Feb 21, 2023 at 8:17 PM Pietro Grandinetti <<a href="mailto:pietro.gra@hotmail.it">pietro.gra@hotmail.it</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;padding-left:1ex;border-left-color:rgb(204,204,204)">
<div dir="ltr">
<div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;background-color:rgb(255,255,255);color:rgb(0,0,0)">
Hello--</div>
<div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;background-color:rgb(255,255,255);color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;background-color:rgb(255,255,255);color:rgb(0,0,0)">
I am going to use the function 'hashPassword' in [1] and I am not able to understand why the result is
<span style="font-family:Consolas,Courier,monospace">MonadRandom ByteArray</span> instead of simply being a
<span style="font-family:Consolas,Courier,monospace">ByteString </span>(or, ByteArray, or similar). Looking at [2], the only useful thing I can do with a
<span style="font-family:Consolas,Courier,monospace">MonadRandom a</span> is to convert it to
<span style="font-family:Consolas,Courier,monospace">IO a</span>. Why would a result of this determistic computation be a
<span style="font-family:Consolas,Courier,monospace">IO</span>?<br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;background-color:rgb(255,255,255);color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;background-color:rgb(255,255,255);color:rgb(0,0,0)">
[1] - <a href="https://hackage.haskell.org/package/cryptonite-0.30/docs/Crypto-KDF-BCrypt.html" id="m_8025347243808217976LPlnk434553" target="_blank" style="font-family:Calibri,Helvetica,sans-serif">
https://hackage.haskell.org/package/cryptonite-0.30/docs/Crypto-KDF-BCrypt.html</a><br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;background-color:rgb(255,255,255);color:rgb(0,0,0)">
[2] - <a href="https://hackage.haskell.org/package/cryptonite-0.30/docs/Crypto-Random-Types.html#t:MonadRandom" id="m_8025347243808217976LPlnk745272" target="_blank" style="font-family:Calibri,Helvetica,sans-serif">
https://hackage.haskell.org/package/cryptonite-0.30/docs/Crypto-Random-Types.html#t:MonadRandom</a><br>
</div>
</div>
_______________________________________________<br>
Beginners mailing list<br>
<a href="mailto:Beginners@haskell.org" target="_blank">Beginners@haskell.org</a><br>
<a href="http://mail.haskell.org/cgi-bin/mailman/listinfo/beginners" rel="noreferrer" target="_blank">http://mail.haskell.org/cgi-bin/mailman/listinfo/beginners</a><br>
</blockquote></div></div>-- <br><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature">-- Kim-Ee</div>