Hi Pietro,
The hash algorithm you linked to is not a pure hash function.
Using pure hash functions for passwords make the resulting hashes
vulnerable to dictionary attacks.
The bcrypt algorithm incorporates random data—hence the use of
MonadRandom—called a salt, to generate a password hash resistant to
dictionary attacks.
(You’d probably get better answers to such questions on the cafe mailing
list. You seem to be well beyond the LYAH level, more power to you!)
Best, Kim-Ee
On Tue, Feb 21, 2023 at 8:17 PM Pietro Grandinetti
Hello--
I am going to use the function 'hashPassword' in [1] and I am not able to understand why the result is MonadRandom ByteArray instead of simply being a ByteString (or, ByteArray, or similar). Looking at [2], the only useful thing I can do with a MonadRandom a is to convert it to IO a. Why would a result of this determistic computation be a IO?
[1] - https://hackage.haskell.org/package/cryptonite-0.30/docs/Crypto-KDF-BCrypt.h... [2] - https://hackage.haskell.org/package/cryptonite-0.30/docs/Crypto-Random-Types... _______________________________________________ Beginners mailing list Beginners@haskell.org http://mail.haskell.org/cgi-bin/mailman/listinfo/beginners
-- -- Kim-Ee