A specification for password hashing libraries


Keywords
argon2, bcrypt, elixir, pbkdf2
License
BSD-3-Clause

Documentation

Comeonin

Hex.pm Version Build Status Join the chat at https://gitter.im/comeonin/Lobby

Comeonin is a specification for password hashing libraries.

For information about hashing passwords in your app, see Password hashing libraries.

Changes in version 5

In version 5.0, Comeonin now provides two behaviours, Comeonin and Comeonin.PasswordHash, which password hash libraries then implement.

With these changes, Comeonin is now a dependency of the password hashing library you choose to use, and in most cases, you will not use it directly.

See the UPGRADE_v5 guide for information about you can upgrade to version 5.

Password hashing libraries

The following libraries all implement the Comeonin and Comeonin.PasswordHash behaviours:

Argon2 is currently considered to be the strongest password hashing function, and it is the one we recommend.

Bcrypt and Pbkdf2 are viable alternatives, but they are less resistant than Argon2, to attacks using GPUs or dedicated hardware.

For more information, see Choosing a library.

Comeonin wiki

See the Comeonin wiki for more information on the following topics:

Contributing

There are many ways you can contribute to the development of Comeonin, including:

Donations

This software is offered free of charge, but if you find it useful and you would like to buy me a cup of coffee, you can do so through paypal.

Documentation

https://hexdocs.pm/comeonin

License

BSD. For full details, please read the LICENSE file.