Bcrypt password hashing for Elixir

Bcrypt

Bcrypt password hashing algorithm for Elixir.

Bcrypt is a well-tested password-based key derivation function that can be configured to remain slow and resistant to brute-force attacks even as computational power increases.

This version is based on the OpenBSD version of Bcrypt and supports the $2b$ and $2a$ prefixes. For advice on how to use hashes with the $2y$ prefix, see this issue.

This library can be used on its own, or it can be used together with Comeonin, which provides a higher-level API.

Async tests issue

Some developers have reported problems when running tests using async: true with version 1.0 of bcrypt_elixir. See this issue for more details.

Installation

  1. Add bcrypt_elixir to the deps section of your mix.exs file:

If you are using Erlang 20:

def deps do
  [
    {:bcrypt_elixir, "~> 1.0"}
  ]
end

If you are NOT using Erlang 20:

def deps do
  [
    {:bcrypt_elixir, "~> 0.12"}
  ]
end

  2. Make sure you have a C compiler installed. See the Comeonin wiki for details.

  3. Optional: during tests (and tests only), you may want to reduce the number of rounds so that hashing does not slow down your test suite. If you have a config/test.exs, you should add:

config :bcrypt_elixir, :log_rounds, 4

Use

In most cases, you will just need to use the following three functions:

  • hash_pwd_salt - hash a password with a randomly-generated salt
  • verify_pass - check the password by comparing it with a stored hash
  • no_user_verify - perform a dummy check to make user enumeration more difficult

See the documentation for the Bcrypt module for more information.

For a lower-level API, see the documentation for Bcrypt.Base.

For further information about password hashing and using Bcrypt with Comeonin, see the Comeonin wiki.

Docker

To use bcrypt_elixir in Docker, you will probably need to compile it manually in your Dockerfile. On the Alpine image, this requires make, gcc and libc-dev. Add the following line to your Dockerfile, right after RUN mix deps.get:

RUN apk add --no-cache make gcc libc-dev

Remember to add your local _build and deps folders to .dockerignore; otherwise, you will see errors.

Deployment

See the Comeonin deployment guide.

License

BSD. For full details, please read the LICENSE file.