Password hashing (bcrypt, pbkdf2_sha512) library for Elixir.
This library is intended to make it very straightforward for developers to check users' passwords in as secure a manner as possible.
Comeonin now supports bcrypt and pbkdf2_sha512.
- Comeonin uses the most secure, up-to-date hashing schemes.
- It is easy to use.
- There are several convenience functions to make checking passwords easier.
- Salts are generated by default.
- Each function has sensible, secure defaults.
- It provides excellent documentation.
- Clear instructions are given on how to use Comeonin.
- Several recommendations are also given to help developers keep their apps secure.
- Add comeonin to your
mix.exsdependencies
defp deps do
[ {:comeonin, "~> 0.8"} ]
end- List
:comeoninas an application dependency
def application do
[applications: [:logger, :comeonin]]
end- Run
mix do deps.get, compile
Either import or alias the algorithm you want to use -- either Comeonin.Bcrypt
or Comeonin.Pbkdf2.
Both algorithms use similar naming conventions so as to make it easy to switch
between them. Both have the hashpwsalt function, which is a convenience
function that automatically generates a salt and then hashes the password.
To hash a password with the default options:
hash = hashpwsalt("difficult2guess")
See each module's documentation for more information about all the available options.
To check a password against the stored hash, use the checkpw
function. This takes two arguments: the plaintext password and
the stored hash:
checkpw(password, stored_hash)
There is also a dummy_checkpw function, which takes no arguments
and is to be used when the username cannot be found. It performs a hash,
but then returns false. This can be used to make user enumeration more
difficult.
OTP version 17.0 or later
For users of Ubuntu, or any other Debian-based distro, we recommend downloading erlang from erlang solutions, as the version of erlang in the repositories is usually quite old.
BSD. For full details, please read the LICENSE file.