https://github.com/weavejester/crypto-password

Library for securely hashing passwords
https://github.com/weavejester/crypto-password

bcrypt clojure cryptography kdf scrypt

Last synced: about 2 months ago
JSON representation

Library for securely hashing passwords

• Host: GitHub
• URL: https://github.com/weavejester/crypto-password
• Owner: weavejester
• Created: 2012-11-26T20:48:15.000Z (over 12 years ago)
• Default Branch: master
• Last Pushed: 2023-06-01T16:08:55.000Z (almost 2 years ago)
• Last Synced: 2024-05-08T19:30:01.783Z (about 1 year ago)
• Topics: bcrypt, clojure, cryptography, kdf, scrypt
• Language: Clojure
• Size: 153 KB
• Stars: 202
• Watchers: 8
• Forks: 15
• Open Issues: 1
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

        
# crypto-password

[![Build Status](https://travis-ci.org/weavejester/crypto-password.png?branch=master)](https://travis-ci.org/weavejester/crypto-password)

A Clojure library for securing user passwords using a

[key derivation function][1]. Supports the following algorithms:

* [PBKDF2](http://en.wikipedia.org/wiki/PBKDF2)

* [Bcrypt](http://bcrypt.sourceforge.net/)

* [scrypt](http://www.tarsnap.com/scrypt.html)

[1]: http://en.wikipedia.org/wiki/Key_derivation_function

## Installation

Add the following dependency to your `project.clj` file:

    [crypto-password "0.3.0"]

## Usage

Pick an encryption algorithm, either `pbkdf2`, `bcrypt` or `scrypt`:

```clojure

(require '[crypto.password. :as password])

```

Then use the `encrypt` function to apply a secure, one-way encryption

algorithm to a password:

```clojure

(def encrypted (password/encrypt "foobar"))

```

And the `check` function to check the encrypted password against a

plaintext password:

```clojure

(password/check "foobar" encrypted) ;; => true

```

## Defaults

The default options for the key derivation algorithms were chosen

based on benchmarks carried on on a AWS t1.micro server running Ubuntu

13.10 (ami-35dbde5c), in March 2014.

On this hardware, the key derivation functions take approximately

200ms to complete with their default options. This is a short enough

time to not be an inconvenience for a human being, but long enough to

make brute forcing encrypted passwords very costly.

## Documentation

* [API Docs](http://weavejester.github.com/crypto-password/)

## License

Copyright © 2021 James Reeves

Distributed under the Eclipse Public License, the same as Clojure.