Seeing as nimrod crypto-land is pretty weak. Where do you go when you want to use nice encryption or properly hash passwords with salts and all the jazz?
The answer is: No further!
scrypt.nim not only has a raw binding to some of the scrypt headers etc, but also additional helper things! Currently the only helper in here is the password.nim file. But it's a handy one indeed! It makes proper password so easy! How easy? Let me show you:
import scrypt/password # Get password somehow, here we just set it let password = "Dominik likes screenshots" # Hash our password (salt is added automagically, but you can also specify # your own as the second parameter) let hash = genPasswordHash(password) # Now the user is logging in! So we must verify the password against the hash! # Difficult? No: if checkPasswordHash(password, hash): echo("Great success!") else: echo("Gtfo, punk.")
There is one caveat though. Yes, ONLY one! You need libtarsnap. This is unfortunately never ever in package managers so you are gonna have to get it yourself. Here is how:
- Go to https://www.tarsnap.com/download.html and download
- Extract the archive
- cd in to that thing
- run ./configure
- run make
- (sudo) cp ./lib/tarsnap.a /usr/local/lib/
- (sudo) ldconfig # Not sure if required even but do it for fun!
- Be happy
However since Dominik likes screenshots and is too lazy to do anything himself here is a copy paste into terminal for his and your pleasure:
wget https://www.tarsnap.com/download/tarsnap-autoconf-1.0.35.tgz && tar -xvf tarsnap-autoconf-1.0.35.tgz && cd tarsnap-autoconf-1.0.35 && ./configure && make && sudo cp ./lib/libtarsnap.a /usr/local/lib && sudo ldconfig
Maybe at some point I will include the relevant files in this repo but I don't want to maintain that. Perhaps it could be done with a hg subrepo or something but on the other hand you probably don't want to trust me on that. Make sure you get tarsnap from a safe place. Like the website I showed you.
You don't need to worry either, scrypt.nim is in the public domain (see COPYING.txt for details, especially if you are in a public domain-less country), so you can use it without having to worry that there is some lame viral license taking over your code or even adding a license when distributing an application using this code. However same does probably not apply to libtarsnap! (I believe it is MIT)