philippmdoerner / nimword Goto Github PK

So far only pbkdf2 and argon are supported.

A new module under src/nimword could be added to provide a module with the following procs for bcrypt support:

proc hashEncodePassword*(password: string, iterations: int, <whatever optional additional parameters>): string
proc isValidPassword*(password: string, encodedHash: string): bool

proc hashPassword*( <whatever parameters>): string
proc encodeHash*( <whatever parameters>): string

Where:

1. hashPassword is the core hashing proc that hashes a password with scrypt and has whatever parameters it needs
2. encodeHash is a way to encode the output of bcrypt into a string that can be stored in a db and be used with isValidPassword
3. hashEncodePassword a way to call 1) and 2) together for convenience
4. isValidPassword to be able to validate whether a given clear-text password when hashed equal the hash included somewhere within the output of encodeHash

That module should also touch nimword.nim in order to include bcrypt into the overarching hashEncodePassword and isValidPassword procs there.

So far only pbkdf2 and argon are supported.

A new module under src/nimword could be added to provide a module with the following procs:

proc hashEncodePassword*(password: string, iterations: int, <whatever optional additional parameters>): string
proc isValidPassword*(password: string, encodedHash: string): bool

proc hashPassword*( <whatever parameters>): string
proc encodeHash*( <whatever parameters>): string

Where:

1. hashPassword is the core hashing proc that hashes a password with scrypt and has whatever parameters it needs
2. encodeHash is a way to encode the output of scrypt into a string that can be stored in a db and be used with isValidPassword
3. hashEncodePassword a way to call 1) and 2) together for convenience
4. isValidPassword to be able to validate whether a given clear-text password when hashed equal the hash included somewhere within the output of encodeHash

That module should also touch nimword.nim in order to include scrypt into the overarching hashEncodePassword and isValidPassword procs there.

hi,
I'm trying to use nimword with Guildenstern and my program won't compile . It seems to me that it's breaking the {.gcsafe.} from Guildenstern.
thanks

As recommended by mratsim for better practicces:

1. Change the API of each hashPassword to return seq[byte]
2. Change the input to be a type Password = distinct string, write a converter that auto-converts string to Password

The purpose of having the distinct Password type is to make it harder to accidentally print/echo it.
Export the Password type as well.