View on GitHub
Password Class Reference
Password
public class PasswordThis class can be used to securely handle passwords. Passwords will be copied to a secure memory location, comparison will be performed in constant time to avoid timing attacks and a method for hashing passwords is provided to store them for user authentication purposes.
Examples
let password = Password("Correct Horse Battery Staple")!
let hashedPassword = password.hash()!
// Store `hashedPassword.string` to database.
// If a user wants to authenticate, just read it from the database and
// verify it against the password given by the user.
if hashedPassword.isVerified(by: password) {
// The user is authenticated successfully.
}
-
Defines how much CPU load will be required for hashing a password. This reduces the speed of brute-force attacks. You might be required to chose
See morehighormediumif your device does not have much CPU power.Declaration
Swift
public enum ComplexityLimit -
Defines how much memory will be required for hashing a password. This makes brute-forcing more costly. The speed requirements induced by increased CPU load can be reduced by massively parallelizing the attack using FPGAs. As these have limited memory, this factor mitigates those attacks. You might be required to chose
See morehighormediumif your device is not equipped with much memory.Declaration
Swift
public enum MemoryLimit -
A salt should be applied to passwords prior to hashing in order to prevent dictionary attacks. This class represents such a salt.
See moreDeclaration
Swift
public struct Salt -
A key that is derived from a
Password.A derived key contains additional information, i.e., the parameters used to derive the key. In order to derive the same key from the password, the same parameters have to be used.
See moreDeclaration
Swift
public class DerivedKey : KeyMaterial -
Initializes a password from a given string with a given encoding.
Declaration
Swift
public init?(_ password: String, using encoding: String.Encoding = .utf8)Parameters
passwordThe password string, e.g., as entered by the user.
encodingThe encoding of the
passwordstring. -
Hashes a password for securely storing it on disk or in a database for the purpose of authenticating a user.
Warning
Do not change the complexity limits unless it is required, due to device limits or negative performance impact. Please refer to the Guidelines for choosing the parameters.
See
Declaration
Swift
public func hash(complexity: ComplexityLimit = .high, memory: MemoryLimit = .high) -> HashedPassword?Parameters
complexityThe CPU load required.
memoryThe amount of memory required.
Return Value
The hashed password,
nilif something went wrong. -
Checks if this password authenticates a hashed password.
Declaration
Swift
public func verifies(_ hashedPassword: HashedPassword) -> BoolParameters
hashedPasswordThe hashed password.
Return Value
trueif this password authenticates the hashed password. -
Derive a cryptographic key for a given password.
Declaration
Swift
public func derive(sizeInBytes: UInt32, complexity: ComplexityLimit = .high, memory: MemoryLimit = .high, salt: Salt = Salt()) -> DerivedKey?Parameters
sizeInBytesThe size of the derived key in bytes.
saltThe salt that will be used for deriving the key.
complexityLimitThe complexity limit that will be used for deriving the key.
memoryLimitThe memory limit that will be used for deriving the key.
-
Compares two passwords in constant time regardless of their length. This is done by calculating a hash (in sense of a fingerprint not in sense of a hashed password used for storage) on the password and comparing the hash values (which are of equal length) in constant time.
Declaration
Swift
public static func == (lhs: Password, rhs: Password) -> BoolParameters
lhsA password.
rhsAnother password.
Return Value
trueif the passwords are equal.