I'm currently trying it and it seems quite easy to load and use - just working fine. Of couse it seems kinda slow in comparison with native implementations (2000 iterations of SHA256 into 32 byte hash taking almost a second on my quite powerful PC), but that's expected and not that much of a problem. I'm also not capable to tell whether there are not any security flaws, but anything is better than something I would write myself without reading deep enough into the topic. Anyway, I think I will happily keep with it until there is somehow easy to use implementation or FFI for current Pharo for any more current algorithm.
Thank you both. Jan Udo Schneider wrote > Hi Jan, > > I extracted a PBKDF2 implementation from some of my code some time ago. > Take a look here: > > http://readthesourceluke.blogspot.de/2014/07/pbkdf2-for-pharo.html > http://www.smalltalkhub.com/#!/~UdoSchneider/PBKDF2 > > CU, > > Udo > > On 19/12/16 18:09, Jan Blizničenko wrote: >> Hello >> >> I'm working on Pharo-based webserver and right now I got to the topic of >> storing user passwords. I found SHA256 integrated in Pharo, but hashing >> with >> SHA is far from enough. I also looked around the mailing list history to >> find few posts from 2011 about bcrypt using Linux libraries. I'd like to >> ask >> what is current status - what are my options under following conditions: >> >> I prefer Pharo 5 compatibility. I could downgrade to Pharo 4 or use beta >> Pharo 6, but latest stable relase is preferred. >> >> I require at least bcrypt or PDKBF2, but I much more prefer >> GPU-attack-resistant solutions like scrypt or Argon2. >> >> I require Linux compatibility, but platform independent solution would be >> kinda nice (we could use the same algorithm on our local machines with >> Mac >> and Win for development). >> >> Thank you >> Jan >> >> >> >> -- >> View this message in context: >> http://forum.world.st/Password-storage-options-tp4927471.html >> Sent from the Pharo Smalltalk Users mailing list archive at Nabble.com. >> >> -- View this message in context: http://forum.world.st/Password-storage-options-tp4927480p4927698.html Sent from the Pharo Smalltalk Users mailing list archive at Nabble.com.
