20 Password Hashing
(require koyo/hasher)    package: koyo-lib
This module provides functionality for creating and verifying password hashes.
20.1 Hasher Interface
interface
The generic interface for password hashers. Every hasher is also a
gen:component.
Returns #t when v implements the password hasher
interface.
procedure
(hasher-make-hash h pass) → string?
  h : hasher?
  pass : string?
Hashes pass in an implementation-specific way.
procedure
(hasher-hash-matches? h pass-hash pass) → boolean?
  h : hasher?
  pass-hash : string?
  pass : string?
Returns #t when pass-hash is a hash of pass.
20.2 Implementations
20.2.1 argon2id
This hasher is based on argon2id, the hybrid variant of the argon2 KDF. It is the recommended hasher for koyo applications and it's what you currently get when you create an application using the standard blueprint.
procedure
(argon2id-hasher? v) → boolean?
v : any/c
Returns #t when v is an argon2id hasher.
procedure
(make-argon2id-hasher-factory #:parallelism parallelism
                              #:iterations iterations
                              #:memory memory)
 → (-> argon2id-hasher?)
  parallelism = (processor-count)
  iterations = 256
  memory = 2048
Returns an argon2id-based hasher with the given configuration.
It’s strongly recommended that you pick config values suitable to
your own environment.
> (define the-hasher (component-start ((make-argon2id-hasher-factory))))
> (define p "supersecret")
> (define h (hasher-make-hash the-hasher p))
> h
"$argon2id$v=19$m=2048,t=256,p=16$e0gUGCU9E3MH3ik94QEX8A$4AASykMvNYkxpvZg2gCwWpHsP6brXszduYHbeu1bqwE"
> (hasher-hash-matches? the-hasher h "nope")
#f
> (hasher-hash-matches? the-hasher h p)
#t
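One way to act on the recommendation to pick config values for your own environment is to time the hasher on the machine that will verify logins. The following is an added example, not part of the koyo documentation; the helper names, the 250 ms budget, and the memory value 65536 are assumptions chosen for illustration.

```racket
#lang racket/base
;; Added example (not from the koyo docs): calibrate argon2id iterations
;; on the machine that will actually verify logins.
(require component koyo/hasher racket/future)

;; Wall-clock milliseconds for one hash at the given cost settings.
(define (hash-time-ms t m p)
  (define h
    (component-start
     ((make-argon2id-hasher-factory #:parallelism p
                                    #:iterations t
                                    #:memory m))))
  (define start (current-inexact-milliseconds))
  (void (hasher-make-hash h "calibration-only-password"))
  (- (current-inexact-milliseconds) start))

;; Median of n samples, to damp scheduler noise.
(define (median-time-ms n t m p)
  (define samples
    (sort (for/list ([_ (in-range n)]) (hash-time-ms t m p)) <))
  (list-ref samples (quotient n 2)))

;; Double the iteration count until one hash costs at least target-ms,
;; stopping at max-t so a misconfigured target cannot loop forever.
(define (calibrate-iterations target-ms m p #:max-iterations [max-t 4096])
  (let loop ([t 1])
    (define ms (median-time-ms 3 t m p))
    (printf "m=~a t=~a p=~a -> ~a ms\n" m t p (round ms))
    (if (or (>= ms target-ms) (>= t max-t))
        (values t ms)
        (loop (* 2 t)))))

(module+ main
  ;; Assumed budget: 250 ms per login, memory 65536 (same unit as the
  ;; m= field of the encoded hash). Both are constructed sample values.
  (define-values (t ms)
    (calibrate-iterations 250 65536 (processor-count)))
  (printf "use #:iterations ~a (~a ms per hash)\n" t (round ms)))
```

Because the search doubles the iteration count, the result can overshoot the budget by up to a factor of two; run it under production-like load and step down from the reported value if the measured time is too high.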