[Haskell-beginners] Understanding reason for Monad

Kim-Ee Yeoh ky3 at atamo.com
Tue Feb 21 13:52:14 UTC 2023


Hi Pietro,

The hash algorithm you linked to is not a pure hash function.

Using pure hash functions for passwords make the resulting hashes
vulnerable to dictionary attacks.

The bcrypt algorithm incorporates random data—hence the use of
MonadRandom—called a salt, to generate a password hash resistant to
dictionary attacks.

(You’d probably get better answers to such questions on the cafe mailing
list. You seem to be well beyond the LYAH level, more power to you!)

Best, Kim-Ee

On Tue, Feb 21, 2023 at 8:17 PM Pietro Grandinetti <pietro.gra at hotmail.it>
wrote:

> Hello--
>
> I am going to use the function 'hashPassword' in [1] and I am not able to
> understand why the result is MonadRandom ByteArray instead of simply
> being a ByteString (or, ByteArray, or similar). Looking at [2], the only
> useful thing I can do with a MonadRandom a is to convert it to IO a. Why
> would a result of this determistic computation be a IO?
>
> [1] -
> https://hackage.haskell.org/package/cryptonite-0.30/docs/Crypto-KDF-BCrypt.html
> [2] -
> https://hackage.haskell.org/package/cryptonite-0.30/docs/Crypto-Random-Types.html#t:MonadRandom
> _______________________________________________
> Beginners mailing list
> Beginners at haskell.org
> http://mail.haskell.org/cgi-bin/mailman/listinfo/beginners
>
-- 
-- Kim-Ee
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.haskell.org/pipermail/beginners/attachments/20230221/8df36896/attachment.html>


More information about the Beginners mailing list