digitalmars.D.learn - Vibe.d Password Verification

seany <seany uni-bonn.de> writes:
Is there any built in password verification for Vibe.d? Such as
bcrypt.verifypassword(password , hash)?

I looked at this library: https://code.dlang.org/packages/passwd
This is causing linking error ( ld: error: unable to find library 
-lbsd) - yes, I am on FreeBSD with my hoster. I can't change it.

I also looked at this one: https://code.dlang.org/packages/crypto
I can't find a verify password method in it.

Any help would be appreciated. My password is being sent as 
string over a secure https connection. The hash is stored as 
another string.

Thank you.
Feb 05
Sergey <kornburn yandex.ru> writes:
On Wednesday, 5 February 2025 at 15:16:10 UTC, seany wrote:
 Any help would be appreciated. My password is being sent as 
 string over a secure https connection. The hash is stored as 
 another string.
There are also these 2:
https://code.dlang.org/packages/dauth
https://code.dlang.org/packages/arsd-official%3Aargon2
Feb 05
Jonathan M Davis <newsgroup.d jmdavisprog.com> writes:
On Wednesday, February 5, 2025 8:16:10 AM MST seany via Digitalmars-d-learn
wrote:
 Is there any built in password verification for Vibe.d? Such as
 bcrypt.verifypassword(password , hash)?

 I looked at this library: https://code.dlang.org/packages/passwd
 This is causing linking error ( ld: error: unable to find library
 -lbsd) - yes, I am on FreeBSD with my hoster. I can't change it.

 I also looked at this one: https://code.dlang.org/packages/crypto
 I can't find a verify password method in it.

 Any help would be appreciated. My password is being sent as
 string over a secure https connection. The hash is stored as
 another string.

 Thank you.
Not having tackled this problem myself, my suggestion would be to simply write bindings for bcrypt. As long as it's in C, you shouldn't need many functions, so writing the bindings should be dead simple. Or you could try importC rather than manually writing the bindings, but I'm guessing that you'll only need to worry about a couple of functions.

Also as a general rule, you probably should avoid libraries written in D which provide any crypto stuff unless they're simply bindings for C stuff, because without a security expert verifying them, it's _really_ easy to have security issues even if they're otherwise great libraries, and you're unlikely to find a library with that kind of vetting on code.dlang.org.

- Jonathan M Davis
Feb 05
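
One way to follow the bindings suggestion above, as an added example (not code from any poster or from a library named in this thread): a D binding to the C library's crypt(3). It assumes the stored hash is a modular-crypt string (for bcrypt, `$2b$...`), that the platform's crypt(3) supports that scheme, and that the program links with `-lcrypt`; `verifyPassword` and `constantTimeEquals` are hypothetical names.

```d
import core.stdc.string : strlen;
import std.stdio : writeln;
import std.string : toStringz;

// Hand-written binding to crypt(3) from the system C library (link: -lcrypt).
extern (C) nothrow @nogc char* crypt(const(char)* key, const(char)* setting);

/// Compares without an early exit, so timing does not reveal the first mismatch.
bool constantTimeEquals(const(char)[] a, const(char)[] b) pure nothrow @nogc @safe
{
    if (a.length != b.length)
        return false;
    ubyte diff = 0;
    foreach (i; 0 .. a.length)
        diff |= cast(ubyte)(a[i] ^ b[i]);
    return diff == 0;
}

/// Re-hashes `password` with the scheme, cost and salt embedded in `storedHash`.
bool verifyPassword(string password, string storedHash)
{
    // Only accept modular-crypt strings; error markers such as "*0" never match.
    if (storedHash.length < 4 || storedHash[0] != '$')
        return false;
    // crypt(3) returns a static buffer, so serialise calls across threads.
    synchronized
    {
        const(char)* result = crypt(password.toStringz, storedHash.toStringz);
        if (result is null)
            return false;
        return constantTimeEquals(result[0 .. strlen(result)], storedHash);
    }
}

void main()
{
    // Constructed demo setting: bcrypt cost 4 with an all-zero salt. Real code
    // generates a random salt per password and uses a much higher cost.
    const(char)* h = crypt("correct horse", "$2b$04$......................");
    if (h is null || h[0] != '$')
    {
        writeln("crypt(3) on this system does not support bcrypt");
        return;
    }
    string stored = h[0 .. strlen(h)].idup; // copy out of the static buffer
    writeln(verifyPassword("correct horse", stored));
    writeln(verifyPassword("wrong guess", stored));
}
```

Because the password is passed as a C string, anything after an embedded NUL byte is ignored, and bcrypt itself only uses the first 72 bytes of the password.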
Adam Wilson <flyboynw gmail.com> writes:
On Wednesday, 5 February 2025 at 15:16:10 UTC, seany wrote:
 Is there any built in password verification for Vibe.d? Such as
 bcrypt.verifypassword(password , hash)?

 I looked at this library: https://code.dlang.org/packages/passwd
 This is causing linking error ( ld: error: unable to find 
 library -lbsd) - yes, I am on FreeBSD with my hoster. I can't
 change it.

 I also looked at this one: 
 https://code.dlang.org/packages/crypto
 I can't find a verify password method in it.

 Any help would be appreciated. My password is being sent as 
 string over a secure https connection. The hash is stored as 
 another string.

 Thank you.
There is one crypto package that includes a secure password hashing/verification implementation and has had its implementation vetted.

SecureD: https://code.dlang.org/packages/secured

The algorithm you are looking for is `securePassword/verifyPassword` methods in `secured.kdf`. By default this will use SCrypt. PBKDF2 is available for backwards compatibility but is not recommended for use in new projects.
Feb 05
Ferhat Kurtulmuş <aferust gmail.com> writes:
On Wednesday, 5 February 2025 at 15:16:10 UTC, seany wrote:
 Is there any built in password verification for Vibe.d? Such as
 bcrypt.verifypassword(password , hash)?

 I looked at this library: https://code.dlang.org/packages/passwd
 This is causing linking error ( ld: error: unable to find 
 library -lbsd) - yes, I am on FreeBSD with my hoster. I can't
 change it.

 I also looked at this one: 
 https://code.dlang.org/packages/crypto
 I can't find a verify password method in it.

 Any help would be appreciated. My password is being sent as 
 string over a secure https connection. The hash is stored as 
 another string.

 Thank you.
Long ago, I played around with this. I used dauth, which is already mentioned.
https://github.com/aferust/simplerestvibed/blob/master/source/app.d

You may also be interested in my D port of the itsdangerous Python package, in which you can use timed and/or untimed web tokens. This is not heavily tested in "dangerous" environments, though :)
https://pypi.org/project/itsdangerous/
https://github.com/aferust/itsdangerous-d
Feb 06