Comeonin Build StatusHex.pm Version

Password hashing (bcrypt, pbkdf2_sha512) library for Elixir.

This library is intended to make it very straightforward for developers to check users’ passwords in as secure a manner as possible.

Comeonin now supports bcrypt and pbkdf2_sha512.

Features

Requirements

Elixir version 1.0 or later and Erlang/OTP version 17.0 or later.

You also need to have a C compiler, such as gcc, installed.

For users of Ubuntu, or any other Debian-based distro, we recommend downloading erlang from erlang solutions, as the version of erlang in the repositories is usually quite old.

Installation

  1. Add comeonin to your mix.exs dependencies 
  defp deps do
    [ {:comeonin, "~> 0.11"} ]
  end
  1. List :comeonin as an application dependency 
  def application do
    [applications: [:logger, :comeonin]]
  end
  1. Run mix do deps.get, compile

Usage

Either import or alias the algorithm you want to use – either Comeonin.Bcrypt or Comeonin.Pbkdf2.

Both algorithms use similar naming conventions so as to make it easy to switch between them. Both have the hashpwsalt function, which is a convenience function that automatically generates a salt and then hashes the password.

To hash a password with the default options:

hash = hashpwsalt("difficult2guess")

See each module’s documentation for more information about all the available options.

To check a password against the stored hash, use the checkpw function. This takes two arguments: the plaintext password and the stored hash:

checkpw(password, stored_hash)

There is also a dummy_checkpw function, which takes no arguments and is to be used when the username cannot be found. It performs a hash, but then returns false. This can be used to make user enumeration more difficult.

Documentation

http://hexdocs.pm/comeonin

License

BSD. For full details, please read the LICENSE file.