riverrun
Comeonin password hashing library
I’ve just released version 3 of Comeonin, a password hashing library.
The following small changes have been made:
- changes to the NIF code to make it more scheduler-friendly
- more information about Argon2, the winner of the 2015 Password Hashing Competition, in the documentation
- now using
elixir_makeas the compiler
If you have any questions / issues, just let me know.
Most Liked
riverrun
Hi all,
I have just released version 4.0.0-rc.0 of Comeonin. There are quite a few changes in how it is organized, but upgrading should be quite straightforward.
The first big change is that all of the password hashing algorithms are now optional dependencies of Comeonin, so the first thing you need to do is decide which algorithm you want to use and also include that as a dependency. It is also possible to use the dependency libraries directly, without installing Comeonin.
The second major change is that there is now support for Argon2, the winner of the 2015 Password Hashing Competition. That means that the supported algorithms are Argon2, Bcrypt and Pbkdf2.
There are also a couple of helper functions - add_hash and check_pass, which should reduce the amount of code you write when adding password hashes to the database and / or check a user’s password (by comparing it with a stored hash).
To use this version, add the following to the deps section in your mix.exs file:
{:comeonin, "~> 4.0-rc"},
{:argon2_elixir, "~> 1.2"},
If you are using Bcrypt, use {:bcrypt_elixir, "~> 0.11"}, and if you are using Pbkdf2, add {:pbkdf2_elixir, "0.11"}.
Here is the full changelog:
- Enhancements
- Added support for Argon2 (as an optional dependency – argon2_elixir)
- Added higher-level helper functions to each algorithm’s module
- These functions accept / return maps and should reduce code use when adding password hashes / checking passwords
- Improved the statistics function in each module – report
- Added sha256 support and django format support to Pbkdf2
- Changes
- Made all the hashing algorithms optional dependencies
- Moved the configuration to the separate dependency libraries
- Removed support for one-time passwords
- This is now a separate library -
OneTimePassEcto
- This is now a separate library -
If you have any questions / comments, please let me know.
riverrun
Two things I would like to mention:
First, there is this issue about redesigning Comeonin. I can see arguments for and against the proposed changes, and I would welcome any feedback you might have. As Comeonin is widely used, I want to get as much feedback as I can before making a final decision.
Second, I have set up a patreon page to accept donations. I would like to stress that Comeonin, and the other libraries I maintain, are offered free of charge, but there are times when I cannot spend as much time on them as I would like. If I can receive some financial support, then I will be able to invest more time in their development.
riverrun
Version 5 has been released.
This version is an update based on this issue. Comeonin now provides two behaviours, Comeonin and Comeonin.PasswordHash, which can then be implemented by password hashing libraries.
Together with this update, argon2_elixir and bcrypt_elixir have been updated to version 2.0, and pbkdf2_elixir has been updated to version 1.0.
To update to the new versions, remove :comeonin from the deps function in your mix.exs file, update the hashing library to the latest version, and then edit the hashing functions as shown below:
Comeonin.Argon2.add_hash → Argon2.add_hash
Comeonin.Argon2.check_pass → Argon2.check_pass
Comeonin.Argon2.hashpwsalt → Argon2.hash_pwd_salt
Comeonin.Argon2.checkpw → Argon2.verify_pass
Comeonin.Argon2.dummy_checkpw → Argon2.no_user_verify
For more information see this guide.
If you have any questions / comments, please let me know.
Popular in Announcing
Other popular topics
Categories:
Sub Categories:
Forums
Popular Tags
- #ecto
- #liveview
- #troubleshooting
- #learning-elixir
- #deployment
- #library
- #erlang
- #testing
- #genserver
- #mix
- #absinthe
- #remote-other
- #otp
- #plug
- #how-to-question
- #macros
- #postgres
- #channels
- #elixirconf
- #exunit
- #discussion
- #code-sync
- #javascript
- #podcasts
- #onsite
- #dialyzer
- #docker
- #authentication
- #umbrella
- #full-time-contract
- #podcasts-by-brainlid
- #ecto-query
- #elixir-ls
- #phoenix_html
- #iex
- #blog-post
- #graphql
- #genstage
- #ai
- #websockets
- #supervisor
- #advent-of-code
- #elixirconf-us
- #distillery
- #processes
- #forms
- #api
- #metaprogramming
- #security
- #performance








