https://github.com/weavejester/crypto-password
Library for securely hashing passwords
https://github.com/weavejester/crypto-password
bcrypt clojure cryptography kdf scrypt
Last synced: 28 days ago
JSON representation
Library for securely hashing passwords
- Host: GitHub
- URL: https://github.com/weavejester/crypto-password
- Owner: weavejester
- Created: 2012-11-26T20:48:15.000Z (over 12 years ago)
- Default Branch: master
- Last Pushed: 2023-06-01T16:08:55.000Z (almost 2 years ago)
- Last Synced: 2024-05-08T19:30:01.783Z (12 months ago)
- Topics: bcrypt, clojure, cryptography, kdf, scrypt
- Language: Clojure
- Size: 153 KB
- Stars: 202
- Watchers: 8
- Forks: 15
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# crypto-password
[](https://travis-ci.org/weavejester/crypto-password)
A Clojure library for securing user passwords using a
[key derivation function][1]. Supports the following algorithms:* [PBKDF2](http://en.wikipedia.org/wiki/PBKDF2)
* [Bcrypt](http://bcrypt.sourceforge.net/)
* [scrypt](http://www.tarsnap.com/scrypt.html)[1]: http://en.wikipedia.org/wiki/Key_derivation_function
## Installation
Add the following dependency to your `project.clj` file:
[crypto-password "0.3.0"]
## Usage
Pick an encryption algorithm, either `pbkdf2`, `bcrypt` or `scrypt`:
```clojure
(require '[crypto.password. :as password])
```Then use the `encrypt` function to apply a secure, one-way encryption
algorithm to a password:```clojure
(def encrypted (password/encrypt "foobar"))
```And the `check` function to check the encrypted password against a
plaintext password:```clojure
(password/check "foobar" encrypted) ;; => true
```## Defaults
The default options for the key derivation algorithms were chosen
based on benchmarks carried on on a AWS t1.micro server running Ubuntu
13.10 (ami-35dbde5c), in March 2014.On this hardware, the key derivation functions take approximately
200ms to complete with their default options. This is a short enough
time to not be an inconvenience for a human being, but long enough to
make brute forcing encrypted passwords very costly.## Documentation
* [API Docs](http://weavejester.github.com/crypto-password/)
## License
Copyright © 2021 James Reeves
Distributed under the Eclipse Public License, the same as Clojure.