[Haskell-cafe] Password hashing
Krzysztof Skrzętnicki
gtener at gmail.com
Tue Oct 28 11:56:45 EDT 2008
On Tue, Oct 28, 2008 at 16:42, Bit Connor <bit at mutantlemon.com> wrote:
> Hello,
>
> What library can be used to securely hash passwords? From what I
> understand, the "bcrypt" algorithm is what the experts recommend. It
> is described in the paper:
>
> http://www.openbsd.org/papers/bcrypt-paper.ps
>
> I couldn't find a haskell library for this.
>
> There is a BSD licensed C implementation that looks very simple here:
>
> http://www.mindrot.org/projects/py-bcrypt/
>
> A translation to haskell should be straight forward.
> Alternatively, a haskell bcrypt library could directly use this
> implementation and provide a very light FFI wrapper.
>
> Any thoughts?
Direct Haskell implementation has significant advantage of being more
portable: from my experience building C libraries on Windows is much
more complicated and quite often fails in default setting [1]. Fixing
it may require some non-trivial (and time consuming) hacking. On the
other hand reusing existing implementation is likely to be faster from
developers view: just write a bunch of FFI imports and you are done.
It may also benefit from C's high speed.
All best
Christopher Skrzętnicki
[1] All regex-*, OpenGL and bunch of others
More information about the Haskell-Cafe
mailing list