bcryptnim-compatible module
Procs
proc compare(s1, s2: string): bool {....raises: [], tags: [], forbids: [].}
-
This is a constant-time string comparator.
You might not wish to use this, this implementation is provided as a best effort and is most likely not actually constant-time. There's also nothing stopping the Nim (or C) compiler from optimizing this down into variable time instructions.
In other words, implement your own check in assembly if you're serious about security.
Example:
assert compare("a", "b") == false
Source Edit proc genSalt(rounds: int8 = 12; prefix: string = "$2b$"): string {. ...raises: [OSError, CatchableError], tags: [], forbids: [].}
-
This generates a salt, a random value that can be used alongside password hashing to prevent rainbow table attacks. Salting your passwords is standard security practice.
You can set the number of rounds to a number from 4 to 31, invalid values will make the number fallback to 12.
Note: If you want perfect compatability with bcryptnim, then you might have to set the prefix parameter to "$2a$", if you don't care about compatability then don't keep it as "$2b$", or else you might end up using a flawed salt generation system.
Example: cmd: -r:off
let rounds = 12.int8 echo "Your salt is: ", genSalt(rounds)
Source Edit proc hash(key, salt: string): string {....raises: [CatchableError], tags: [], forbids: [].}
-
This procedure takes two string and returns the bcrypt hash for them.
Note: It's best that you provide a salt generated using genSalt(), you could run into undefined behavior otherwise.
Example: cmd: -r:off
var pass = "SOMETHING_SECRET" salt = genSalt(12) echo "Your hash is: ", hash(pass, salt)
Source Edit