riverrun

riverrun

Comeonin password hashing library

I’ve just released version 3 of Comeonin, a password hashing library.

The following small changes have been made:

  • changes to the NIF code to make it more scheduler-friendly
  • more information about Argon2, the winner of the 2015 Password Hashing Competition, in the documentation
  • now using elixir_make as the compiler

If you have any questions / issues, just let me know.

Most Liked

riverrun

riverrun

Hi all,

I have just released version 4.0.0-rc.0 of Comeonin. There are quite a few changes in how it is organized, but upgrading should be quite straightforward.

The first big change is that all of the password hashing algorithms are now optional dependencies of Comeonin, so the first thing you need to do is decide which algorithm you want to use and also include that as a dependency. It is also possible to use the dependency libraries directly, without installing Comeonin.

The second major change is that there is now support for Argon2, the winner of the 2015 Password Hashing Competition. That means that the supported algorithms are Argon2, Bcrypt and Pbkdf2.

There are also a couple of helper functions - add_hash and check_pass, which should reduce the amount of code you write when adding password hashes to the database and / or check a user’s password (by comparing it with a stored hash).

To use this version, add the following to the deps section in your mix.exs file:

{:comeonin, "~> 4.0-rc"},
{:argon2_elixir, "~> 1.2"},

If you are using Bcrypt, use {:bcrypt_elixir, "~> 0.11"}, and if you are using Pbkdf2, add {:pbkdf2_elixir, "0.11"}.

Here is the full changelog:

  • Enhancements
    • Added support for Argon2 (as an optional dependency – argon2_elixir)
    • Added higher-level helper functions to each algorithm’s module
      • These functions accept / return maps and should reduce code use when adding password hashes / checking passwords
    • Improved the statistics function in each module – report
    • Added sha256 support and django format support to Pbkdf2
  • Changes
    • Made all the hashing algorithms optional dependencies
    • Moved the configuration to the separate dependency libraries
    • Removed support for one-time passwords

If you have any questions / comments, please let me know.

10
Post #4
riverrun

riverrun

Two things I would like to mention:

First, there is this issue about redesigning Comeonin. I can see arguments for and against the proposed changes, and I would welcome any feedback you might have. As Comeonin is widely used, I want to get as much feedback as I can before making a final decision.

Second, I have set up a patreon page to accept donations. I would like to stress that Comeonin, and the other libraries I maintain, are offered free of charge, but there are times when I cannot spend as much time on them as I would like. If I can receive some financial support, then I will be able to invest more time in their development.

riverrun

riverrun

Version 5 has been released.

This version is an update based on this issue. Comeonin now provides two behaviours, Comeonin and Comeonin.PasswordHash, which can then be implemented by password hashing libraries.

Together with this update, argon2_elixir and bcrypt_elixir have been updated to version 2.0, and pbkdf2_elixir has been updated to version 1.0.

To update to the new versions, remove :comeonin from the deps function in your mix.exs file, update the hashing library to the latest version, and then edit the hashing functions as shown below:

Comeonin.Argon2.add_hash → Argon2.add_hash
Comeonin.Argon2.check_pass → Argon2.check_pass
Comeonin.Argon2.hashpwsalt → Argon2.hash_pwd_salt
Comeonin.Argon2.checkpw → Argon2.verify_pass
Comeonin.Argon2.dummy_checkpw → Argon2.no_user_verify

For more information see this guide.

If you have any questions / comments, please let me know.

Where Next?

Popular in Announcing Top

tmbb
PhoenixWS - Websockets over Phoenix Channels Source code on Github here: GitHub - tmbb/phoenix_ws: Websockets implemented over Phoenix Ch...
New
mischov
import Meeseeks.CSS html = HTTPoison.get!("https://news.ycombinator.com/").body for story <- Meeseeks.all(html, css("tr.athing")) do...
New
seancribbs
Today I released a new dialyzer Mix task as the dialyzex package! At the time we started writing this task, the existing dialyzer integra...
New
ityonemo
Currently just starting out on a new mini-project - getting zig NIFs to run in elixir. https://github.com/ityonemo/zigler The idea here...
New
pkrawat1
Presenting Aviacommerce, open source e-commerce platform in Elixir Aviacommerce is an open source e-commerce platform in Elixir. We at...
New
riverrun
I’ve just released version 3 of Comeonin, a password hashing library. The following small changes have been made: changes to the NIF c...
New
woutdp
Hi! I wanted to introduce my latest project LiveSvelte. It allows you to render Svelte inside LiveView with end-to-end reactivity. It’s ...
New
blatyo
The best overview for how things are tied together is this presentation. Modules and functions are pretty well documented at this point, ...
New
versilov
Could not wait for the missing Elixir ML libraries to appear, so, I wrote one myself, taking https://github.com/sdwolfz/exlearn as a foun...
New
wfgilman
I’ve cleaned up and open sourced three financial libraries I was using for my company. They are bindings for the APIs of these three comp...
New

Other popular topics Top

malloryerik
Hi, this is for people who, like me, have had some friction using .html.heex templates in VSCode. The solution seems to be, in a hyphena...
New
AstonJ
Posting this to see if we can make things easier for people to get into Neovim. If you use Neovim and have a favourite distro please let ...
New
lessless
I believe there are people here who are dealing with CSV files import on the daily basis, and since Excel is a really popular tool there ...
New
JeremM34
Hello, how can I check the Phoenix version ? Thanks !
New
ovidiubadita
Hey all, I discovered Elixir and I love it. I always wanted to learn a functional programming and I intended to go for Haskell, but afte...
New
Lily
In templates/appointment/index.html.eex: <%= for appointment <- @appointments do %> <tr> <td><%= appoi...
New
shijith.k
I am trying to start a new phoenix project with elixir 1.9, but mix phx.new does not work. It says that ** (Mix) The task "phx.new" could...
New
AstonJ
We’ve put together this wiki for Phoenix LiveView - please feel free to add any info you feel is worth including. What is Phoenix LiveV...
New
dogweather
I wrote this comment on r/haskell, and it’s not popular there. :wink: But I think I’m on to something… Haskell reminds me of Java, and e...
New
vonH
In asking this question I am more interested about the expressiveness of the language itself and less concerned about the availability of...
New

We're in Beta

About us Mission Statement