riverrun

riverrun

Comeonin password hashing library

I’ve just released version 3 of Comeonin, a password hashing library.

The following small changes have been made:

  • changes to the NIF code to make it more scheduler-friendly
  • more information about Argon2, the winner of the 2015 Password Hashing Competition, in the documentation
  • now using elixir_make as the compiler

If you have any questions / issues, just let me know.

Most Liked

riverrun

riverrun

Hi all,

I have just released version 4.0.0-rc.0 of Comeonin. There are quite a few changes in how it is organized, but upgrading should be quite straightforward.

The first big change is that all of the password hashing algorithms are now optional dependencies of Comeonin, so the first thing you need to do is decide which algorithm you want to use and also include that as a dependency. It is also possible to use the dependency libraries directly, without installing Comeonin.

The second major change is that there is now support for Argon2, the winner of the 2015 Password Hashing Competition. That means that the supported algorithms are Argon2, Bcrypt and Pbkdf2.

There are also a couple of helper functions - add_hash and check_pass, which should reduce the amount of code you write when adding password hashes to the database and / or check a user’s password (by comparing it with a stored hash).

To use this version, add the following to the deps section in your mix.exs file:

{:comeonin, "~> 4.0-rc"},
{:argon2_elixir, "~> 1.2"},

If you are using Bcrypt, use {:bcrypt_elixir, "~> 0.11"}, and if you are using Pbkdf2, add {:pbkdf2_elixir, "0.11"}.

Here is the full changelog:

  • Enhancements
    • Added support for Argon2 (as an optional dependency – argon2_elixir)
    • Added higher-level helper functions to each algorithm’s module
      • These functions accept / return maps and should reduce code use when adding password hashes / checking passwords
    • Improved the statistics function in each module – report
    • Added sha256 support and django format support to Pbkdf2
  • Changes
    • Made all the hashing algorithms optional dependencies
    • Moved the configuration to the separate dependency libraries
    • Removed support for one-time passwords

If you have any questions / comments, please let me know.

10
Post #4
riverrun

riverrun

Two things I would like to mention:

First, there is this issue about redesigning Comeonin. I can see arguments for and against the proposed changes, and I would welcome any feedback you might have. As Comeonin is widely used, I want to get as much feedback as I can before making a final decision.

Second, I have set up a patreon page to accept donations. I would like to stress that Comeonin, and the other libraries I maintain, are offered free of charge, but there are times when I cannot spend as much time on them as I would like. If I can receive some financial support, then I will be able to invest more time in their development.

riverrun

riverrun

Version 5 has been released.

This version is an update based on this issue. Comeonin now provides two behaviours, Comeonin and Comeonin.PasswordHash, which can then be implemented by password hashing libraries.

Together with this update, argon2_elixir and bcrypt_elixir have been updated to version 2.0, and pbkdf2_elixir has been updated to version 1.0.

To update to the new versions, remove :comeonin from the deps function in your mix.exs file, update the hashing library to the latest version, and then edit the hashing functions as shown below:

Comeonin.Argon2.add_hash → Argon2.add_hash
Comeonin.Argon2.check_pass → Argon2.check_pass
Comeonin.Argon2.hashpwsalt → Argon2.hash_pwd_salt
Comeonin.Argon2.checkpw → Argon2.verify_pass
Comeonin.Argon2.dummy_checkpw → Argon2.no_user_verify

For more information see this guide.

If you have any questions / comments, please let me know.

Where Next?

Popular in Announcing Top

wmnnd
Hi there, for my project DBLSQD, I needed a file storage solution that is a bit more flexible than Arc. Because I thought others might f...
New
sasajuric
I’d like to announce a small library called boundaries. This is an experimental project which explores the idea of enforcing boundaries ...
New
deadtrickster
I’ve just released stable versions of my Prometheus Elixir libs: Elixir client [docs]; Ecto collector [docs]; Plugs instrumenter/Export...
New
bluzky
You may know https://ui.shadcn.com/, a UI component library for React. I really love it’s design style and components. I’ve built some co...
384 13736 119
New
tmbb
I’ve been working on two packages (not on hex.pm yet) to build admin interfaces for phoenix apps: bureaucrat - which contains a bunch ...
New
sabiwara
Dune is a sandbox for Elixir and aims to safely evaluate user-provided code. You can try it out using this basic Elixir playground made ...
New
Jskalc
Hi! Today, after a couple weeks of development I’ve released v0.1 of LiveVue. It’s a seamless integration of Vue and Phoenix LiveView, i...
New
versilov
Could not wait for the missing Elixir ML libraries to appear, so, I wrote one myself, taking https://github.com/sdwolfz/exlearn as a foun...
New
handnot2
Samly can be used to enable SAML 2.0 Single Sign On in a Plug/Phoenix application. This library uses Erlang esaml to provide plug enabl...
New
New

Other popular topics Top

9mm
I am constructing a JSON object (map) and I need to conditionally set a field. I’m trying to write proper elixir-way code… and I’m at a l...
New
lastday4you
I wanted to check elixir version in phoenix because i found that my elixir is 1.5 but when i use Enum.chunk_by it said the function is un...
New
gshaw
What is the idiomatic way of matching for not nil in Elixir? E.g., First way: defp halt_if_not_signed_in(conn, signed_in_account) when...
New
ovidiubadita
Hey all, I discovered Elixir and I love it. I always wanted to learn a functional programming and I intended to go for Haskell, but afte...
New
chrismccord
Phoenix 1.4.0 released Phoenix 1.4 is out! This release ships with exciting new features, most notably with HTTP2 support, improved deve...
688 30877 112
New
jaysoifer
Is there a way to rollback a specific migration and only that one (“skipping” all the other ones)? Would mix ecto.rollback -v 200809061...
New
nobody
Hi! In PHP: $_SERVER[‘SERVER_ADDR’] - in Elixir? Searched the docs for ip address and the web, no good results. Thanks!
New
jason.o
In the code below, if the create action is not set to accept “extra_key” as an input, it errors out with a message shown above. Is there ...
New
saif
Hello everyone, Long time lurker first time poster here. I’ve recently begun working on Elixir full-time again! :raised_hands: It’s been...
New
Brian
What is the proper way to load a module from a file in to IEX? In the python world, doing something like this pretty standard: from ....
New

Latest on Elixir Forum

Elixir Forum

We're in Beta

About us Mission Statement