Send Beginners mailing list submissions to
beginners@haskell.org
To subscribe or unsubscribe via the World Wide Web, visit
http://mail.haskell.org/cgi-bin/mailman/listinfo/beginners
or, via email, send a message with subject or body 'help' to
beginners-requ...@haskell.org
You can reach the person managing the list at
beginners-ow...@haskell.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Beginners digest..."
Today's Topics:
1. Understanding reason for Monad (Pietro Grandinetti)
2. Re: Understanding reason for Monad (Kim-Ee Yeoh)
3. Re: Understanding reason for Monad (Travis Cardwell)
----------------------------------------------------------------------
Message: 1
Date: Tue, 21 Feb 2023 13:17:14 +0000
From: Pietro Grandinetti <pietro....@hotmail.it>
To: "beginners@haskell.org" <beginners@haskell.org>
Subject: [Haskell-beginners] Understanding reason for Monad
Message-ID:
<db9p191mb1514f0f7bf1a1214df8cfc2cfc...@db9p191mb1514.eurp191.prod.outlook.com>
Content-Type: text/plain; charset="iso-8859-1"
Hello--
I am going to use the function 'hashPassword' in [1] and I am not able to
understand why the result is MonadRandom ByteArray instead of simply being a
ByteString (or, ByteArray, or similar). Looking at [2], the only useful thing I
can do with a MonadRandom a is to convert it to IO a. Why would a result of
this determistic computation be a IO?
[1] -
https://hackage.haskell.org/package/cryptonite-0.30/docs/Crypto-KDF-BCrypt.html
[2] -
https://hackage.haskell.org/package/cryptonite-0.30/docs/Crypto-Random-Types.html#t:MonadRandom
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://mail.haskell.org/pipermail/beginners/attachments/20230221/e00fe7b5/attachment-0001.html>
------------------------------
Message: 2
Date: Tue, 21 Feb 2023 20:52:14 +0700
From: Kim-Ee Yeoh <k...@atamo.com>
To: The Haskell-Beginners Mailing List - Discussion of primarily
beginner-level topics related to Haskell <beginners@haskell.org>
Subject: Re: [Haskell-beginners] Understanding reason for Monad
Message-ID:
<CAPY+ZdSGN53V4iePNpQnFCD=O7iHSUr=ytem6crvchicdjk...@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Hi Pietro,
The hash algorithm you linked to is not a pure hash function.
Using pure hash functions for passwords make the resulting hashes
vulnerable to dictionary attacks.
The bcrypt algorithm incorporates random data—hence the use of
MonadRandom—called a salt, to generate a password hash resistant to
dictionary attacks.
(You’d probably get better answers to such questions on the cafe mailing
list. You seem to be well beyond the LYAH level, more power to you!)
Best, Kim-Ee
On Tue, Feb 21, 2023 at 8:17 PM Pietro Grandinetti <pietro....@hotmail.it>
wrote:
> Hello--
>
> I am going to use the function 'hashPassword' in [1] and I am not able to
> understand why the result is MonadRandom ByteArray instead of simply
> being a ByteString (or, ByteArray, or similar). Looking at [2], the only
> useful thing I can do with a MonadRandom a is to convert it to IO a. Why
> would a result of this determistic computation be a IO?
>
> [1] -
> https://hackage.haskell.org/package/cryptonite-0.30/docs/Crypto-KDF-BCrypt.html
> [2] -
> https://hackage.haskell.org/package/cryptonite-0.30/docs/Crypto-Random-Types.html#t:MonadRandom
> _______________________________________________
> Beginners mailing list
> Beginners@haskell.org
> http://mail.haskell.org/cgi-bin/mailman/listinfo/beginners
>
--
-- Kim-Ee
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://mail.haskell.org/pipermail/beginners/attachments/20230221/8df36896/attachment-0001.html>
------------------------------
Message: 3
Date: Wed, 22 Feb 2023 16:15:27 +0900
From: Travis Cardwell <travis.cardw...@extrema.is>
To: The Haskell-Beginners Mailing List - Discussion of primarily
beginner-level topics related to Haskell <beginners@haskell.org>
Subject: Re: [Haskell-beginners] Understanding reason for Monad
Message-ID:
<cacajp_refrqhrxmrbmqw-zvccutrphvstqfsd+x-zzf-bxb...@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
Hi Pietro,
Haskell type classes provide ad-hoc polymorphism. Essentially, they
allow you to write a function that works with more than one concrete
type.
<https://wiki.haskell.org/Polymorphism#Ad-hoc_polymorphism>
Function `hashPassword` has the following type:
hashPassword
:: (MonadRandom m, ByteArray password, ByteArray hash)
=> Int
-> password
-> m hash
It has three constraints (listed before the double arrow):
Constraint `MonadRandom m` means that the function works in any monad
that has a `MonadRandom` instance and can therefore be used to generate
random values. If you click `MonadRandom` in the documentation, you
can see which instances are built in. There is an `IO` instance, so you
can run `hashPassword` in the `IO` monad.
Constraint `ByteArray password` means that the function accepts a
password of any type that has a `ByteArray` instance. If you click
`ByteArray` in the documentation, you can see which instances are built
in. There is a `ByteString` instance, so `hashPassword` can handle
`ByteString` password arguments.
Constraint `ByteArray hash` means that the function can return a hash
of any type that has a `ByteArray` instance. The concrete type may be
determined by how the return type is used; if your code expects a
`ByteString` hash, then that is what you get.
Here is a simple demo that hashes the first argument, or `password` if
no arguments are provided:
{-# LANGUAGE OverloadedStrings #-}
module Main (main) where
-- https://hackage.haskell.org/package/base
import System.Environment (getArgs)
-- https://hackage.haskell.org/package/base16-bytestring
import qualified Data.ByteString.Base16 as Base16
-- https://hackage.haskell.org/package/cryptonite
import qualified Crypto.KDF.BCrypt as BCrypt
-- https://hackage.haskell.org/package/text
import qualified Data.Text as T
import qualified Data.Text.Encoding as TE
import qualified Data.Text.Encoding.Error as TEE
import qualified Data.Text.IO as TIO
main :: IO ()
main = do
password <- T.pack . head . (++ ["password"]) <$> getArgs
TIO.putStrLn $ "password: " <> password
hashBS <- BCrypt.hashPassword 11 $ TE.encodeUtf8 password
let hashHex = TE.decodeUtf8With TEE.lenientDecode $ Base16.encode hashBS
TIO.putStrLn $ "hash: " <> hashHex
This demo runs in the `IO` monad, the password is passed to
`hashPassword` as a `ByteString`, and the hash returned by
`hashPassword` is a `ByteString`. Note that the password is encoded as
a `ByteString` via `Text` so that it supports UTF-8.
$ hash-password パスワード
password: パスワード
hash:
24326224313124486e474157773750493667744b6b6270354451613275516863667a68702e6756727a414b474542716751755371314949613549314b
Cheers,
Travis
------------------------------
Subject: Digest Footer
_______________________________________________
Beginners mailing list
Beginners@haskell.org
http://mail.haskell.org/cgi-bin/mailman/listinfo/beginners
------------------------------
End of Beginners Digest, Vol 169, Issue 4
*****************************************
