On Tue, Oct 28, 2008 at 16:42, Bit Connor
Hello,
What library can be used to securely hash passwords? From what I understand, the "bcrypt" algorithm is what the experts recommend. It is described in the paper:
http://www.openbsd.org/papers/bcrypt-paper.ps
I couldn't find a haskell library for this.
There is a BSD licensed C implementation that looks very simple here:
http://www.mindrot.org/projects/py-bcrypt/
A translation to haskell should be straight forward. Alternatively, a haskell bcrypt library could directly use this implementation and provide a very light FFI wrapper.
Any thoughts?
Direct Haskell implementation has significant advantage of being more portable: from my experience building C libraries on Windows is much more complicated and quite often fails in default setting [1]. Fixing it may require some non-trivial (and time consuming) hacking. On the other hand reusing existing implementation is likely to be faster from developers view: just write a bunch of FFI imports and you are done. It may also benefit from C's high speed. All best Christopher Skrzętnicki [1] All regex-*, OpenGL and bunch of others