greatisgreat
Which library is the best for encryption in phoenix?
I would like to know which library is the best for encryption in phoenix or can i just use Plug.Crypto.MessageEncryptor? I want to encrypt a password that the user send us
Thanks ![]()
Marked As Solved
kokolegorille
There are some…
- argon2_elixir
- bcrypt_elixir
- pbkdf2_elixir
You might find them on hex.pm
Also Liked
sb8244
You don’t want passwords to be decrypted… Or else someone could maliciously do that and the passwords are leaked.
The 3 libraries mentioned are all hashing libraries. That means that the data goes in and (in theory) can never come back out again.
I might suggest using a prebuilt user login solution like pow if you are not sure what the difference is. User data is important to keep private.
Aetherus
All the methods listed by @kokolegorille are hashing methods that are irreversible, and they are all designed to be slow so that it’s infeasible to brute-force the original password.
- PBKDF2 is CPU-proof (meaning you are unable to crack the original password using only some CPUs) but not GPU-proof.
- BCrypt is both CPU-proof and GPU-proof, but may be vulnerable to quantum computers.
- Argon2 is safe to all known brute-force and rainbow table attacking vectors.
hauleth
You should never, ever, EVER encrypt passwords for storage. You always hash them with KDF like already mentioned by @kokolegorille. In exactly the same order they listed them:
- Argon2
- If above is out of question then crypt
- If none of the above fits the bill (or you need to be NIST certified) then you go with PBKDF2
Alternatively there are other algorithms, but as you asked this question, then I would say that you should use one of the mentioned above.
Popular in Discussions
Other popular topics
Categories:
Sub Categories:
Forums
Popular Tags
- #ecto
- #liveview
- #troubleshooting
- #learning-elixir
- #deployment
- #library
- #erlang
- #testing
- #genserver
- #mix
- #absinthe
- #remote-other
- #otp
- #plug
- #how-to-question
- #macros
- #postgres
- #channels
- #elixirconf
- #exunit
- #discussion
- #code-sync
- #javascript
- #podcasts
- #onsite
- #dialyzer
- #docker
- #authentication
- #umbrella
- #full-time-contract
- #podcasts-by-brainlid
- #ecto-query
- #elixir-ls
- #phoenix_html
- #iex
- #blog-post
- #graphql
- #genstage
- #ai
- #websockets
- #supervisor
- #advent-of-code
- #elixirconf-us
- #distillery
- #processes
- #forms
- #api
- #metaprogramming
- #security
- #performance










