nova_auth_password (nova_auth v0.2.0)
View SourcePassword hashing and verification using PBKDF2-SHA256. Includes constant-time comparison and dummy verification to prevent user enumeration via timing attacks.
Configuration
Set iterations via application environment:
{nova_auth, [{pbkdf2_iterations, 600000}]}.OWASP recommends 600,000 for PBKDF2-SHA256 (default). Lower values trade security margin for speed — 100,000+ is reasonable for game backends.
Summary
Functions
Simulate password verification timing to prevent user enumeration.
Hash a password using the default algorithm (PBKDF2-SHA256).
Hash a password using the specified algorithm.
Verify a password against a stored hash using constant-time comparison.
Functions
-spec dummy_verify() -> false.
Simulate password verification timing to prevent user enumeration.
Hash a password using the default algorithm (PBKDF2-SHA256).
Hash a password using the specified algorithm.
Verify a password against a stored hash using constant-time comparison.