I would like to know which library is the best for encryption in Phoenix, or can I just use Plug.Crypto.MessageEncryptor? I want to encrypt a password that the user sends us.
Thanks
What do you want to encrypt, and why?
I want to encrypt the password and store it in the database.
There are some…
You might find them on hex.pm
But can't I just use Plug.Crypto.MessageEncryptor for encrypting the password?
Those mentioned are for this task…
Why do you recommend using these libraries over Plug.Crypto.MessageEncryptor for encrypting the passwords and storing them in the database?
Because of topic’s title…
So will you recommend using these libraries over Plug.Crypto.MessageEncryptor?
Yes, I would recommend those libraries for the requested task.
While I would use Plug.Crypto.MessageEncryptor for encrypting communication.
You don’t want passwords to be decrypted… Or else someone could maliciously do that and the passwords are leaked.
The 3 libraries mentioned are all hashing libraries. That means that the data goes in and (in theory) can never come back out again.
I might suggest using a prebuilt user login solution like pow if you are not sure what the difference is. User data is important to keep private.
All the methods listed by @kokolegorille are hashing methods that are irreversible, and they are all designed to be slow so that it’s infeasible to brute-force the original password.
You should never, ever, EVER encrypt passwords for storage. You always hash them with a KDF, as already mentioned by @kokolegorille. In exactly the same order they listed them:
Alternatively there are other algorithms, but as you asked this question, I would say that you should use one of those mentioned above.
There’s an ‘official’ Phoenix auth generator that’s very nice:
I ran the Mix task for the generator on a project recently and adapted the generated code. I used Argon2 for password hashing.
comeonin – something like the standard password hashing ‘interface’ – recommends using Argon2:
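The difference the replies describe, as an added example that is not part of the thread or of any library's own code: a password stored with Plug.Crypto.MessageEncryptor comes back in plaintext for anyone holding the key material, while an Argon2 hash can only be checked against a candidate. It assumes the `argon2_elixir` and `plug_crypto` packages are project dependencies; the module name, salts, sample password and key are constructed for illustration.

```elixir
# Added example. Assumes argon2_elixir and plug_crypto are listed in mix.exs;
# run PasswordStorageDemo.run() from `iex -S mix`.
defmodule PasswordStorageDemo do
  alias Plug.Crypto.{KeyGenerator, MessageEncryptor}

  # Constructed sample values, for illustration only.
  @password "correct horse battery staple"
  @secret_key_base String.duplicate("k", 64)

  # Reversible: whoever holds the key material gets the plaintext back,
  # so a leaked key plus a leaked table means every password is exposed.
  def encrypt_then_recover do
    secret = KeyGenerator.generate(@secret_key_base, "demo enc salt")
    sign_secret = KeyGenerator.generate(@secret_key_base, "demo sign salt")
    stored = MessageEncryptor.encrypt(@password, secret, sign_secret)
    {:ok, recovered} = MessageEncryptor.decrypt(stored, secret, sign_secret)
    recovered
  end

  # One-way: the stored string only lets us check a candidate password.
  def hash_then_verify do
    stored = Argon2.hash_pwd_salt(@password)

    %{
      right_password: Argon2.verify_pass(@password, stored),
      wrong_password: Argon2.verify_pass("guess", stored),
      # A fresh random salt per call, so equal passwords do not share a hash.
      same_hash_twice: stored == Argon2.hash_pwd_salt(@password)
    }
  end

  # Login check for a user row (a map with :password_hash) or nil.
  # no_user_verify/0 runs a dummy hash and returns false, so an unknown
  # account takes about as long to reject as a wrong password.
  def valid_login?(nil, _password), do: Argon2.no_user_verify()
  def valid_login?(%{password_hash: hash}, password), do: Argon2.verify_pass(password, hash)

  def run do
    IO.inspect(encrypt_then_recover(), label: "decrypted")
    IO.inspect(hash_then_verify(), label: "argon2")
    IO.inspect(valid_login?(nil, "anything"), label: "unknown user")
  end
end
```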