Password authorization (bcrypt, pbkdf2_sha512) library for Elixir.
This library is intended to make it very straightforward for developers to authorize users in as secure a manner as possible.
Comeonin now supports bcrypt and pbkdf2_sha512.
- Comeonin uses the most secure, up-to-date hashing schemes.
- It is easy to use.
- There are several convenience functions to make authorizing users easier.
- Salts are generated by default.
- Each function has sensible, secure defaults.
- It provides good documentation.
- Add comeonin to your
mix.exsdependencies
defp deps do
[ {:comeonin, "~> 0.2"} ]
end- List
:comeoninas an application dependency
def application do
[applications: [:logger, :comeonin]]
end- Run
mix do deps.get, compile
Either import or alias the algorithm you want to use -- either Comeonin.Bcrypt
or Comeonin.Pbkdf2.
Both algorithms use similar naming conventions so as to make it easy to switch
between them. Both have the hashpwsalt function, which is a convenience
function that automatically generates a salt and then hashes the password.
To hash a password with the default options:
hash = hashpwsalt("difficult2guess")
See each module's documentation for more information about all the available options.
To check a password against the stored hash, use the checkpw
function. This takes two arguments: the plaintext password and
the stored hash:
checkpw(password, stored_hash)
There is also a dummy_checkpw function, which takes no arguments
and is to be used when the username cannot be found. It performs a hash,
but then returns false. This can be used to make user enumeration more
difficult.
OTP version 17.3 or later
The bcrypt implementation is based on the latest OpenBSD version, which fixed a small issue that affected some passwords longer than 72 characters. It has been thoroughly tested in a development environment, but it has not had much testing in production.
Comeonin has been tested on Linux, OS X and FreeBSD, but it has not been tested on Windows. If you have any problems with the build, please let us know.
BSD. For full details, please read the LICENSE file.