
# Comeonin [![Build Status](https://travis-ci.org/elixircnx/comeonin.svg?branch=master "Build Status")](https://travis-ci.org/elixircnx/comeonin) [![Hex.pm Version](http://img.shields.io/hexpm/v/comeonin.svg)](https://hex.pm/packages/comeonin)

Password authorization (bcrypt, pbkdf2_sha512) library for Elixir.

This library is intended to make it very straightforward for developers
to authorize users in as secure a manner as possible.

Comeonin now supports `bcrypt` and `pbkdf2_sha512`.

## Features

* Comeonin uses the most secure, up-to-date hashing schemes.
* It is easy to use.
    * There are several convenience functions to make authorizing users easier.
    * Salts are generated by default.
    * Each function has sensible, secure defaults.
* It provides good documentation.

## Installation

1. Add comeonin to your `mix.exs` dependencies

  ```elixir
  defp deps do
    [ {:comeonin, "~> 0.2.1"} ]
  end
  ```

2. List `:comeonin` as an application dependency

  ```elixir
  def application do
    [applications: [:logger, :comeonin]]
  end
  ```

3. Run `mix do deps.get, compile`

## Usage

Import or alias the module for the algorithm you want to use: `Comeonin.Bcrypt`
or `Comeonin.Pbkdf2`.

Both algorithms use similar naming conventions so as to make it easy to switch
between them. Both have the `hashpwsalt` function, which is a convenience
function that automatically generates a salt and then hashes the password.

To hash a password with the default options:

    hash = hashpwsalt("difficult2guess")

See each module's documentation for more information about
all the available options.

To check a password against the stored hash, use the `checkpw`
function. This takes two arguments: the plaintext password and
the stored hash:

    checkpw(password, stored_hash)

There is also a `dummy_checkpw` function, which takes no arguments
and is to be used when the username cannot be found. It performs a hash,
but then returns false. Because a failed lookup then takes about as long
as a failed password check, this makes user enumeration more difficult.
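
The hash, check and dummy-check flow described above, as an added example (not code from the Comeonin project). The `LoginExample` module, its function names and the in-memory map are assumptions for illustration; only `hashpwsalt`, `checkpw` and `dummy_checkpw` come from this README.

```elixir
# Added example: run inside a Mix project that depends on :comeonin,
# e.g. `mix run login_example.exs`. All names except the three
# Comeonin.Bcrypt functions are hypothetical.
defmodule LoginExample do
  import Comeonin.Bcrypt, only: [hashpwsalt: 1, checkpw: 2, dummy_checkpw: 0]

  # Constructed in-memory user store: username => stored hash.
  # A real application would read the hash from its database.
  def new_store, do: %{}

  # Hash the password with a generated salt; only the hash is stored.
  def register(store, username, password) do
    Map.put(store, username, hashpwsalt(password))
  end

  # Returns {:ok, username} or {:error, :invalid_credentials}.
  # Both failure paths return the same error, so the caller cannot
  # tell "no such user" apart from "wrong password".
  def authenticate(store, username, password) do
    case Map.fetch(store, username) do
      {:ok, stored_hash} ->
        if checkpw(password, stored_hash) do
          {:ok, username}
        else
          {:error, :invalid_credentials}
        end

      :error ->
        # Unknown user: still perform a hash before failing, so this
        # path costs about as much as a real password check.
        dummy_checkpw()
        {:error, :invalid_credentials}
    end
  end
end

store =
  LoginExample.new_store()
  |> LoginExample.register("alice", "difficult2guess")

# Each match below raises MatchError if the result is not as expected.
{:ok, "alice"} = LoginExample.authenticate(store, "alice", "difficult2guess")
{:error, :invalid_credentials} = LoginExample.authenticate(store, "alice", "wrong-guess")
{:error, :invalid_credentials} = LoginExample.authenticate(store, "mallory", "difficult2guess")
```

To use pbkdf2_sha512 instead, change the import to `Comeonin.Pbkdf2`; the README states both modules use similar naming conventions.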

## Documentation

http://hexdocs.pm/comeonin

## Requirements

OTP version 17.3 or later

## Status

The bcrypt implementation is based on the latest OpenBSD version, which
fixed a small issue that affected some passwords longer than 72 characters.
It has been thoroughly tested in a development environment, but it has
not had much testing in production.

Comeonin has been tested on Linux and OS X, but it has not been tested
on Windows. If you have any problems with the build, please let us know.

## License

BSD. For full details, please read the LICENSE file.