Vibe.d Password Verification
Jonathan M Davis
newsgroup.d at jmdavisprog.com
Wed Feb 5 20:35:17 UTC 2025
On Wednesday, February 5, 2025 8:16:10 AM MST seany via Digitalmars-d-learn wrote:
> Is there any built in passowrd verification for Vibe.d? Such as
> bcrypt.verifypassword(password , hash)?
>
> I looked at this library: https://code.dlang.org/packages/passwd
> This is causing linking error ( ld: error: unable to find library
> -lbsd) - yes i am on FreeBSD with my hoster. I can't change it.
>
> I also looked at this one: https://code.dlang.org/packages/crypto
> I can't find a verify password method in it.
>
> Any help would be appreciated. My password is being sent as
> string over a secure https connection. The hash is stored as
> another string.
>
> Thank you.
Not having tackled this problem myself, my suggestion would be to simply
write bindings for bcrypt. As long as it's in C, you shouldn't need many
functions, so writing the bindings should be dead simple. Or you could try
importC rather than manually writing the bindings, but I'm guessing that
you'll only need to worry about a couple of functions.
Also as a general rule, you probably should avoid libraries written in D
which provide any crypto stuff unless they're simply bindings for C stuff,
because without a security expert verifying them, it's _really_ easy to have
security issues even if they're otherwise great libraries, and you're
unlikely to find a library with that kind of vetting on code.dlang.org.
- Jonathan M Davis
More information about the Digitalmars-d-learn
mailing list