This repository has been archived by the owner on Oct 2, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
DONT MERGE! Use the Argon2 KDF for derivation of the password hash.
TODO: Evaluate ideal options and length.
- Loading branch information
1 parent
3d7e59c
commit 6d2931b
Showing
1 changed file
with
3 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -9,9 +9,9 @@ module Util where | |
import Control.Arrow | ||
import Control.Monad.IO.Class | ||
import Control.Monad.Logger (LoggingT, runStdoutLoggingT) | ||
import qualified Crypto.Hash as Hash | ||
import qualified Crypto.KDF.Argon2 as Ar2 | ||
import Crypto.Error (throwCryptoError) | ||
import Data.Aeson hiding (json) | ||
import qualified Data.ByteArray as BA | ||
import qualified Data.ByteString as BS | ||
import qualified Data.ByteString.Base16 as B16 | ||
import qualified Data.Text as T | ||
|
@@ -43,7 +43,7 @@ decodeHex = fst . B16.decode . E.encodeUtf8 | |
|
||
hashPassword :: T.Text -> BS.ByteString -> T.Text | ||
hashPassword password salt = | ||
makeHex $ BA.convert . Hash.hashFinalize $ Hash.hashUpdates (Hash.hashInitWith Hash.SHA512) [salt, E.encodeUtf8 password] | ||
makeHex . throwCryptoError $ Ar2.hash Ar2.defaultOptions (E.encodeUtf8 password) salt 1024 | ||
This comment has been minimized.
Sorry, something went wrong.
This comment has been minimized.
Sorry, something went wrong.
danielrutz
Author
Contributor
|
||
|
||
runSQL | ||
:: (HasSpock m, SpockConn m ~ SqlBackend) | ||
|
It looks like the error can only occur if either the salt is too small or the output_length is too big/small.
See here.
Therefore if the code is properly written no error should ever be thrown. Am I correct?
I recommend that we add a comment that explains this.
If the error can be thrown under any circumstances we should handle it gracefully.