[Haskell-cafe] Password hashing

Krzysztof Skrzętnicki gtener at gmail.com
Tue Oct 28 11:56:45 EDT 2008

On Tue, Oct 28, 2008 at 16:42, Bit Connor <bit at mutantlemon.com> wrote:
> Hello,
> What library can be used to securely hash passwords? From what I
> understand, the "bcrypt" algorithm is what the experts recommend. It
> is described in the paper:
> http://www.openbsd.org/papers/bcrypt-paper.ps
> I couldn't find a haskell library for this.
> There is a BSD licensed C implementation that looks very simple here:
> http://www.mindrot.org/projects/py-bcrypt/
> A translation to haskell should be straight forward.
> Alternatively, a haskell bcrypt library could directly use this
> implementation and provide a very light FFI wrapper.
> Any thoughts?

Direct Haskell implementation has significant advantage of being more
portable: from my experience building C libraries on Windows is much
more complicated and quite often fails in default setting [1]. Fixing
it may require some non-trivial (and time consuming) hacking. On the
other hand reusing existing implementation is likely to be faster from
developers view: just write a bunch of FFI imports and you are done.
It may also benefit from C's high speed.

All best

Christopher Skrzętnicki

[1] All regex-*, OpenGL and bunch of others

More information about the Haskell-Cafe mailing list