Password Hashing

Index

pwhash/create pwhash/derive-static-key pwhash/deterministic pwhash/keygen pwhash/reencrypt pwhash/upgrade pwhash/verify

Reference

pwhash/create cfunction
(pwhash/create passwd masterkey &opt opslimit memlimit threads)

Hash a password and get a blob that can be safely stored in a database. The returned result is a 128 byte string. Can take optional parameters to tune the difficulty of the hash.

(pwhash/derive-static-key keylen stored passwd ctx master-key &opt opslimit memlimit threads)

Derive a static key for use in cryptographic applications from a hashed password and other entropy (kept in stored). Returns a string with keylen bytes.

(pwhash/deterministic hlen passwd ctx master-key &opt opslimit memlimit threads)

Hash a password to produce a high entropy key. The returned hashed password is a string of length hlen.

pwhash/keygen cfunction
(pwhash/keygen &opt buf)

Generate a master key for use in hashing passwords. The master key is used to encrypt all hashed passwords for an extra level of security. Returns a buffer with the new key.

(pwhash/reencrypt stored masterkey new-masterkey)

Re-encrypt a hashed password under a new master key without needing the original password, only the previously hashed password and master key. Returns the new hashed password as a string.

(pwhash/upgrade stored masterkey &opt opslimit memlimit threads)

Change the encryption parameters of a key to make decrypting faster or slower. This can be used to scale difficulty of password hashing in the event of hardware advancements. Returns the new password hash as a string.

pwhash/verify cfunction
(pwhash/verify stored passwd master-key &opt opslimit memlimit threads)

Check if a password matches a stored password hash. Hashing options must be the same as the ones used to create the stored hash.
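
The functions above combined into one credential lifecycle (hash, verify, master-key rotation, parameter upgrade), as an added example that is not part of the original reference. It assumes the bindings load with `(use jhydro)`; the password and the two opslimit values are constructed for illustration.

```janet
# Added example, not part of the original reference.
# Assumption: the bindings are available as the `jhydro` module.
(use jhydro)

(def password "correct horse battery staple") # constructed sample input

# Constructed difficulty settings. Persist the one in use next to each
# stored hash, because verify must be given the same options as create.
(def opslimit-v1 1000)
(def opslimit-v2 4000)

# The master key encrypts every stored hash. Keep it outside the database
# (config secret, KMS, HSM) so a database dump alone cannot be cracked offline.
(def master-key (pwhash/keygen))

# Registration: the 128-byte blob is what goes into the user record.
(def stored (pwhash/create password master-key opslimit-v1))
(assert (= 128 (length stored)))

# Login: the right password verifies, a wrong one does not.
(assert (pwhash/verify stored password master-key opslimit-v1))
(assert (not (pwhash/verify stored "wrong guess" master-key opslimit-v1)))

# Master-key rotation: re-encrypt every stored blob without asking any
# user for their password.
(def new-master-key (pwhash/keygen))
(def rotated (pwhash/reencrypt stored master-key new-master-key))
(assert (pwhash/verify rotated password new-master-key opslimit-v1))
# The retired master key no longer verifies the rotated blob.
(assert (not (pwhash/verify rotated password master-key opslimit-v1)))

# Difficulty upgrade: raise the work factor offline, then verify with the
# new options from here on.
(def upgraded (pwhash/upgrade rotated new-master-key opslimit-v2))
(assert (pwhash/verify upgraded password new-master-key opslimit-v2))

(print "pwhash lifecycle checks passed")
```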