Comeonin is the long-standing password-security library for Elixir that standardizes secure hashing and verification practices in Phoenix and Plug applications. It provides a uniform interface for modern algorithms such as Argon2, Bcrypt, and PBKDF2 (implemented in companion packages), along with guidance for salts, cost factors, and timing-safe comparisons. The library’s helpers make it straightforward to add registration and login flows that resist brute-force and side-channel attacks. Migration paths and checks are included so you can upgrade algorithms or work factors over time without breaking existing credentials. Its focus on practical ergonomics—clear APIs, sensible defaults, and good docs—has made it the de facto choice for password handling in Elixir. By centralizing hashing concerns, Comeonin helps teams avoid subtle security mistakes while keeping authentication code terse and testable.
Features
- Defines behaviors for password hashing libraries in Elixir
- Provides two behaviors: Comeonin and Comeonin.PasswordHash
- Enables interchangeable use of different hashing algorithm libraries
- Promotes modularity by decoupling app code from specific implementations
- Simplifies upgrades across hashing algorithms
- Includes documentation and guides via its wiki