Hi Pietro,

The hash algorithm you linked to is not a pure hash function.

Using pure hash functions for passwords make the resulting hashes vulnerable to dictionary attacks.

The bcrypt algorithm incorporates random data—hence the use of MonadRandom—called a salt, to generate a password hash resistant to dictionary attacks.

(You’d probably get better answers to such questions on the cafe mailing list. You seem to be well beyond the LYAH level, more power to you!)

Best, Kim-Ee

On Tue, Feb 21, 2023 at 8:17 PM Pietro Grandinetti <pietro.gra@hotmail.it> wrote:
Hello--

I am going to use the function 'hashPassword' in [1] and I am not able to understand why the result is MonadRandom ByteArray instead of simply being a ByteString (or, ByteArray, or similar). Looking at [2], the only useful thing I can do with a MonadRandom a is to convert it to IO a. Why would a result of this determistic computation be a IO?

[1] - https://hackage.haskell.org/package/cryptonite-0.30/docs/Crypto-KDF-BCrypt.html
[2] - https://hackage.haskell.org/package/cryptonite-0.30/docs/Crypto-Random-Types.html#t:MonadRandom
_______________________________________________
Beginners mailing list
Beginners@haskell.org
http://mail.haskell.org/cgi-bin/mailman/listinfo/beginners
--
-- Kim-Ee