nova_auth_password (nova_auth v0.2.0)

View Source

Password hashing and verification using PBKDF2-SHA256. Includes constant-time comparison and dummy verification to prevent user enumeration via timing attacks.

Configuration

Set iterations via application environment:

{nova_auth, [{pbkdf2_iterations, 600000}]}.

OWASP recommends 600,000 for PBKDF2-SHA256 (default). Lower values trade security margin for speed — 100,000+ is reasonable for game backends.

Summary

Functions

Simulate password verification timing to prevent user enumeration.

Hash a password using the default algorithm (PBKDF2-SHA256).

Hash a password using the specified algorithm.

Verify a password against a stored hash using constant-time comparison.

Functions

dummy_verify()

-spec dummy_verify() -> false.

Simulate password verification timing to prevent user enumeration.

hash(Password)

-spec hash(binary()) -> binary().

Hash a password using the default algorithm (PBKDF2-SHA256).

hash/2

-spec hash(binary(), pbkdf2_sha256 | bcrypt | argon2) -> binary().

Hash a password using the specified algorithm.

verify/2

-spec verify(binary(), binary()) -> boolean().

Verify a password against a stored hash using constant-time comparison.