Comeonin is a specification for password hashing libraries.
For information about hashing passwords in your app, see Password hashing libraries.
From version 5.0 onwards, Comeonin provides two behaviours, Comeonin and Comeonin.PasswordHash, which password hashing libraries then implement.
With these changes, Comeonin is now a dependency of the password hashing library you choose to use, and in most cases, you will not use it directly.
See the UPGRADE_v5 guide for information about how you can upgrade to version 5.
The following libraries all implement the Comeonin and Comeonin.PasswordHash behaviours:
- Argon2 - argon2_elixir
- Bcrypt - bcrypt_elixir
- Pbkdf2 - pbkdf2_elixir
Argon2 is currently considered to be the strongest password hashing function, and it is the one we recommend.
Bcrypt and Pbkdf2 are viable alternatives, but they are less resistant than Argon2 to attacks using GPUs or dedicated hardware.
On Windows, it can be time-consuming and problematic to set up the environment needed to compile the C code in Argon2 and Bcrypt. For this reason, it is often easier to install Pbkdf2, which has no C dependencies.
For more information, see Choosing a library.
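Because the libraries listed above implement the same behaviours, application code can call the shared functions and change the hashing module in one place. The module below is an added example, not code from the Comeonin project: `Demo.Accounts`, the in-memory store and the sample credentials are hypothetical, and it assumes `pbkdf2_elixir` is listed in the deps of your `mix.exs`.

```elixir
defmodule Demo.Accounts do
  # Hypothetical module (not part of Comeonin). Swap Pbkdf2 for Argon2 or
  # Bcrypt here; the calls below stay the same because all three implement
  # the Comeonin and Comeonin.PasswordHash behaviours.
  @hasher Pbkdf2

  # Store a new user in a plain map that stands in for a database.
  def register(store, email, password) do
    # add_hash/1 returns a map containing the salted hash under :password_hash.
    %{password_hash: hash} = @hasher.add_hash(password)
    Map.put(store, email, %{email: email, password_hash: hash})
  end

  # Verify credentials. The same error is returned for an unknown email and
  # for a wrong password, so the response does not reveal which accounts exist.
  def authenticate(store, email, password) do
    # check_pass/2 accepts nil for a missing user. In that case it runs a
    # dummy hash calculation (no_user_verify) so that the timing of the
    # response is similar to a real password check.
    case @hasher.check_pass(Map.get(store, email), password) do
      {:ok, user} -> {:ok, user}
      {:error, _message} -> {:error, :invalid_credentials}
    end
  end

  # Lower-level pair from Comeonin.PasswordHash, for code that stores the
  # hash string itself rather than a user map.
  def hash_and_verify(password, candidate) do
    hash = @hasher.hash_pwd_salt(password)
    @hasher.verify_pass(candidate, hash)
  end
end

# Constructed sample data; each pattern match raises if the result differs.
store = Demo.Accounts.register(%{}, "alice@example.com", "correct horse battery")

{:ok, %{email: "alice@example.com"}} =
  Demo.Accounts.authenticate(store, "alice@example.com", "correct horse battery")

{:error, :invalid_credentials} =
  Demo.Accounts.authenticate(store, "alice@example.com", "wrong password")

{:error, :invalid_credentials} =
  Demo.Accounts.authenticate(store, "nobody@example.com", "any password")

true = Demo.Accounts.hash_and_verify("s3cret passphrase", "s3cret passphrase")
false = Demo.Accounts.hash_and_verify("s3cret passphrase", "other passphrase")
```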
See the Comeonin wiki for more information on the following topics:
- Hashing passwords - a general guide to hashing passwords in your Elixir app
- Password hashing libraries
- Requirements
- Deployment - including information about using Docker
- References
There are many ways you can contribute to the development of Comeonin, including:
- Reporting issues
- Improving documentation
- Sharing your experiences with others
BSD. For full details, please read the LICENSE file.