Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/jonathanstowe/crypt-anypasswordhash

Create a cryptographic password hash by the best means available
https://github.com/jonathanstowe/crypt-anypasswordhash

crypt hash password raku

Last synced: 25 days ago
JSON representation

Create a cryptographic password hash by the best means available

Host: GitHub
URL: https://github.com/jonathanstowe/crypt-anypasswordhash
Owner: jonathanstowe
License: artistic-2.0
Created: 2019-12-19T14:48:41.000Z (about 5 years ago)
Default Branch: master
Last Pushed: 2022-08-07T08:45:16.000Z (over 2 years ago)
Last Synced: 2023-04-22T17:06:59.539Z (over 1 year ago)
Topics: crypt, hash, password, raku
Language: Raku
Size: 16.6 KB
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- Changelog: Changes

Awesome Lists containing this project

README

# Crypt::AnyPasswordHash

Use best installed password encryption available

![Build Status](https://github.com/jonathanstowe/Crypt-AnyPasswordHash/workflows/CI/badge.svg)

## Synopsis

use Crypt::AnyPasswordHash;

my $password = 'somepassword';

my Str $hash = hash-password($password);

if check-password($hash, $password ) {
# password ok
}

## Description

This module exports two subroutines `hash-password` and `check-password` which encrypt password and check a provided password against an encrypted hash.

The implementation for the `hash-password` is provided by the first of:

* [Crypt::SodiumPasswordHash](https://github.com/jonathanstowe/Crypt-SodiumPasswordHash)

* [Crypt::Argon2](https://github.com/skinkade/p6-crypt-argon2)

* [Crypt::LibScrypt](https://github.com/jonathanstowe/Crypt-LibScrypt)

* [Crypt::SodiumScrypt](https://github.com/jonathanstowe/Crypt-SodiumScrypt)

* [Crypt::Libcrypt](https://github.com/jonathanstowe/Crypt-Libcrypt)

which can be found. `Crypt::Libcrypt` will be installed as a dependency so it will nearly always work but is dependent on the mechanisms provided by the `libcrypt`: with a fairly recent `libcrypt` it will be able to determine and use the best available algorithm, falling back to attempt SHA-512, however if that isn't available it may fall back to DES which is not considered secure enough for production use. You can tell you are getting DES when the hash returned by `hash-password` is only 13 characters long, if this is the case then you should install one of the other providers.

The `check-password` will attempt to validate against all the available mechanisms until one validates the password or the mechanisms are exhausted. This is so that, if you are validating against stored hashes, if a new supported module is installed or this module is upgraded then you will still be able to verify against hashes made by a previous mechanism.

## Installation

If you have a working Rakudo installation, you should be able to install this with *zef* :

zef install Crypt::AnyPasswordHash

# or from a local copy

zef install .

## Support

If you have any suggestions or patches, please send then to [Github](https://github.com/jonathanstowe/Crypt-AnyPasswordHash/issues)

New hashing providers are welcomed - any new modules should export the subroutines for hashing and verifying.

[Crypt::Bcrypt](https://github.com/skinkade/p6-Crypt-Bcrypt) does work but it needs a small change to be detected.

## Licence

This is free software.

Please see the [LICENCE](LICENCE) file in the distribution