Fast and secure Argon2 password hashing library for Elixir. https://hex.pm/packages/argon2id_elixir

Find a file

Jussi abb3eab559 initial		2024-11-09 15:17:45 +02:00
lib	initial	2024-11-09 15:17:45 +02:00
native/argon2	initial	2024-11-09 15:17:45 +02:00
test	initial	2024-11-09 15:17:45 +02:00
.editorconfig	initial	2024-11-09 15:17:45 +02:00
.formatter.exs	initial	2024-11-09 15:17:45 +02:00
.gitignore	initial	2024-11-09 15:17:45 +02:00
LICENSE-APACHE	initial	2024-11-09 15:17:45 +02:00
LICENSE-MIT	initial	2024-11-09 15:17:45 +02:00
mix.exs	initial	2024-11-09 15:17:45 +02:00
mix.lock	initial	2024-11-09 15:17:45 +02:00
README.md	initial	2024-11-09 15:17:45 +02:00

README.md

Argon2id for Elixir

Fast and secure Argon2 password hashing library for Elixir.

Features

Uses the pure Rust implementation of Argon2
Only Argon2i implementation (version 0x13) at the moment
Built-in security presets (OWASP, Strong, Test/Unsafe)

Installation

Add argon2id_elixir to your list of dependencies in mix.exs:

def deps do
  [
    {:argon2id_elixir, "~> 0.1.0"}
  ]
end

Ensure you have Rust installed, as it's required for compilation:

# On Windows
winget install Rust.Rust

# On Unix-like systems (https://rustup.rs/)
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh

Usage

Basic Password Hashing

# Hash a password with default OWASP settings
hash = Argon2.hash_password("secure_password123")

# Verify a password
if Argon2.verify_password("secure_password123", hash) do
  # Password matches
else
  # Password is incorrect
end

Configuration Presets

Three security presets are available:

# OWASP (default) - Recommended for most use cases
hash = Argon2.hash_password("secure_password123")

# Strong - Higher security for sensitive applications
hash = Argon2.hash_password("secure_password123", "strong")

# Test - Fast but unsafe, only for testing purposes
hash = Argon2.hash_password("secure_password123", "test_unsafe")

Preset specifications:

OWASP: m=19456 KiB, t=2, p=1
Strong: m=65540 KiB, t=3, p=4
Test: m=1024 KiB, t=1, p=1 (Useful for testing)

Benchmarking

You can benchmark the different configurations on your hardware:

mix run -e "Argon2.Benchmark.run(10)"

Configuration Benchmarks (averaged over 10 runs):

OWASP:
  Hash time: 25ms
  Verify time: 24ms
  Memory: 19MB

STRONG:
  Hash time: 145ms
  Verify time: 139ms
  Memory: 65MB

TEST_UNSAFE:
  Hash time: 1ms
  Verify time: 1ms
  Memory: 1MB

Development

# Install dependencies
mix deps.get

# Run tests
mix test

# Run benchmarks
mix run -e "Argon2.Benchmark.run()"

# Run code quality checks
mix quality

# Generate documentation
mix docs

# Format code
mix format

License

Licensed under either of

Apache License, Version 2.0, (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT)

at your option.

Credits

RustCrypto Argon2 - The Rust implementation
Rustler - Elixir NIF interface