View Source Pow.Ecto.Schema.Password (Pow v1.0.38)

Simple wrapper for password hash and verification.

The password hash format is based on Pbkdf2

Configuration

This module can be configured by setting the Pow.Ecto.Schema.Password key for the :pow app:

config :pow, Pow.Ecto.Schema.Password,
  iterations: 100_000,
  length: 64,
  digest: :sha512,
  salt_length: 16

For test environment it's recommended to set the iteration to 1:

config :pow, Pow.Ecto.Schema.Password, iterations: 1

Summary

Functions

Generates an encoded PBKDF2 hash.

Verifies that the secret matches the encoded binary.

Functions

Link to this function

pbkdf2_hash(secret, opts \\ nil)

View Source
@spec pbkdf2_hash(binary(), Keyword.t() | nil) :: binary()

Generates an encoded PBKDF2 hash.

By default this is a PBKDF2-SHA512 hash with 100,000 iterations, with a random salt. The hash, salt, iterations and digest method will be part of the returned binary. The hash and salt are Base64 encoded.

Options

  • :iterations - defaults to 100_000;
  • :length - a length in octets for the derived key. Defaults to 64;
  • :digest - an hmac function to use as the pseudo-random function. Defaults to :sha512;
  • :salt - a salt binary to use. Defaults to a randomly generated binary;
  • :salt_length - a length for the random salt binary. Defaults to 16;
Link to this function

pbkdf2_verify(secret, secret_hash, opts \\ [])

View Source
@spec pbkdf2_verify(binary(), binary(), Keyword.t()) :: boolean()

Verifies that the secret matches the encoded binary.

A PBKDF2 hash will be generated from the secret with the same options as found in the encoded binary. The hash, salt, iterations and digest method is parsed from the encoded binary. The hash and salt decoded as Base64 encoded binaries.

Options

  • :length - a length in octets for the derived key. Defaults to 64;