brioche

brioche/hash/password

Hash and verify passwords using argon2 or bcrypt. Password hashing functions are necessarily slow, and the functions in the brioche/hash/password will automatically run in a worker thread.

Every hash function should be configured with the desired hashing algorithm and some features when needed. To simplify the usage of the hashing functions, you can use the argon2d, argon2i, argon2id & bcrypt helpers that create automatically default hash options for any hash.

import brioche/hash/password
let hash = password.hash("hello world", password.argon2d())
use hash <- promise.await(hash)
let verify = password.verify("hello world", hash)
use verify <- promise.await(verify)
echo verify // True

Bun Documentation

Types

HashAlgorithm

</> 
pub type HashAlgorithm {
  Argon2d
  Argon2i
  Argon2id
  Bcrypt
}

Constructors 

  • Argon2d
  • Argon2i
  • Argon2id
  • Bcrypt

HashOptions

</> 
pub type HashOptions {
  HashOptions(
    algorithm: HashAlgorithm,
    memory_cost: Option(Int),
    time_cost: Option(Int),
  )
}

Constructors 

  • HashOptions(
  algorithm: HashAlgorithm,
  memory_cost: Option(Int),
  time_cost: Option(Int),
)

    Arguments

    algorithm

    Algorithm to use in hashing.

    memory_cost

    Memory usage, in kibibytes.

    time_cost

    Number of hash iterations.

PasswordError

</> 
pub type PasswordError {
  InvalidHash
}

Constructors 

  • InvalidHash

Functions

argon2d

</> 
pub fn argon2d() -> HashOptions

argon2i

</> 
pub fn argon2i() -> HashOptions

argon2id

</> 
pub fn argon2id() -> HashOptions

bcrypt

</> 
pub fn bcrypt() -> HashOptions

hash

</> 
pub fn hash(
  password password: String,
  options options: HashOptions,
) -> Promise(String)

Hash a password using argon2 or bcrypt.

import brioche/hash/password
import gleam/javascript/promise
use hash <- promise.await(password.hash("hello world", password.argon2d()))
use verify <- promise.await(password.verify("hello world", hash))

hash_sync

</> 
pub fn hash_sync(
  password password: String,
  options options: HashOptions,
) -> String

Hash a password using argon2 or bcrypt.

Be careful, sync versions should almost never be used as verify hash takes time, and can considerably impact your production.

import brioche/hash/password
let hash = password.hash("hello world", password.argon2d())
let verify = password.verify("hello world", hash)

memory_cost

</> 
pub fn memory_cost(
  options: HashOptions,
  memory_cost: Int,
) -> HashOptions

Set the memory usage, in kibibytes.

time_cost

</> 
pub fn time_cost(
  options: HashOptions,
  time_cost: Int,
) -> HashOptions

Set the number of iterations for hash.

verify

</> 
pub fn verify(
  password password: String,
  hash hash: String,
) -> Promise(Result(Bool, PasswordError))

Verify a password against a previously hashed password.

import brioche/hash/password
import gleam/javascript/promise
let hash = "$argon2id$v=19$m=65536,t=2,p=1$ddbcyBcbAcagei7wSkZFiouX6TqnUQHmTyS5mxGCzeM$+3OIaFatZ3n6LtMhUlfWbgJyNp7h8/oIsLK+LzZO+WI"
password.verify("hey", hash)
|> promise.await(fn (result) {
  // result == True
})

verify_sync

</> 
pub fn verify_sync(
  password password: String,
  hash hash: String,
) -> Result(Bool, PasswordError)

Verify a password against a previously hashed password.

Be careful, sync versions should almost never be used as verify hash takes time, and can considerably impact your production.

import brioche/hash/password
let hash = "$argon2id$v=19$m=65536,t=2,p=1$ddbcyBcbAcagei7wSkZFiouX6TqnUQHmTyS5mxGCzeM$+3OIaFatZ3n6LtMhUlfWbgJyNp7h8/oIsLK+LzZO+WI"
password.verify_sync("hey", hash)
// result == True
Search Document