From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Original-To: caml-list@sympa.inria.fr Delivered-To: caml-list@sympa.inria.fr Received: from mail1-relais-roc.national.inria.fr (mail1-relais-roc.national.inria.fr [192.134.164.82]) by sympa.inria.fr (Postfix) with ESMTPS id 135497ED34 for ; Mon, 9 Jul 2012 19:43:46 +0200 (CEST) Received-SPF: None (mail1-smtp-roc.national.inria.fr: no sender authenticity information available from domain of darioteixeira@yahoo.com) identity=pra; client-ip=98.139.91.74; receiver=mail1-smtp-roc.national.inria.fr; envelope-from="darioteixeira@yahoo.com"; x-sender="darioteixeira@yahoo.com"; x-conformance=sidf_compatible Received-SPF: None (mail1-smtp-roc.national.inria.fr: no sender authenticity information available from domain of darioteixeira@yahoo.com) identity=mailfrom; client-ip=98.139.91.74; receiver=mail1-smtp-roc.national.inria.fr; envelope-from="darioteixeira@yahoo.com"; x-sender="darioteixeira@yahoo.com"; x-conformance=sidf_compatible Received-SPF: None (mail1-smtp-roc.national.inria.fr: no sender authenticity information available from domain of postmaster@nm4.bullet.mail.sp2.yahoo.com) identity=helo; client-ip=98.139.91.74; receiver=mail1-smtp-roc.national.inria.fr; envelope-from="darioteixeira@yahoo.com"; x-sender="postmaster@nm4.bullet.mail.sp2.yahoo.com"; x-conformance=sidf_compatible X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AqgEAEcX+09ii1tKZWdsb2JhbAA4DaZpkS8NCgoHFAUkghsBFiAVAQIVIgEUMwEBRQEOAQYYhVyCKwkBAQIMBAeaQYZOiEIJgmiFDwEjAwEjA4lRAQYKAQGLVIJMAQWDGgOISYx0hU8tTYQ3hCKDW4E3AQ X-IronPort-AV: E=Sophos;i="4.77,553,1336341600"; d="scan'208";a="166176985" Received: from nm4.bullet.mail.sp2.yahoo.com ([98.139.91.74]) by mail1-smtp-roc.national.inria.fr with SMTP; 09 Jul 2012 19:43:44 +0200 Received: from [72.30.22.92] by nm4.bullet.mail.sp2.yahoo.com with NNFMP; 09 Jul 2012 17:43:43 -0000 Received: from [98.139.91.14] by tm14.bullet.mail.sp2.yahoo.com with NNFMP; 09 Jul 2012 17:43:43 -0000 Received: from [127.0.0.1] by omp1014.mail.sp2.yahoo.com with NNFMP; 09 Jul 2012 17:43:43 -0000 X-Yahoo-Newman-Property: ymail-3 X-Yahoo-Newman-Id: 764324.61574.bm@omp1014.mail.sp2.yahoo.com Received: (qmail 76174 invoked by uid 60001); 9 Jul 2012 17:43:43 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1341855823; bh=7sGF6wc+0qwhCwplzf/oRWpBM6YflI0PgLZAUsbYLsM=; h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=IRBaFyfSJknqa52EqIs2uBlEBH4I0+mmQm17JaefqYM3P2xrJW2cLqPAvuTSUMblzIc+iSQNC5EeTYKU36r2qFcnef/YDzuacZdSheKIdHKni6KYs/QIMg3qU4aa5/ljN5WGoon0J1kI5fMxyAKFFhutvFynzy8yzd79Y2z3ba8= DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=VMGjNMXWZ0UyArsDDMXjU+6Rn//mRamK8xtMp3GdoGlmZmVztITCLFaQGoxBnHtEtyaHXHo0+UN5Wng2Bis+raM/XxEXdZIYF4kgUXtpypTogFtcG06eZxMVG85mikQ+lmAcQGZVIPBwE0MUmelNg6dLU0hwOHe6wip53moUHGA=; X-YMail-OSG: 59_IOfwVM1nvSM9cnu18x1y0JvyHYl4oKNmqBC5duYLMPC2 7MySlpiHnEP.T0mN_OJDUiVrNbiSZE_KO8vz9lP5lIZrFSwGf60RORN3It9K 5IPwSmRbXz6gciiIXuw49Z0YOeQWzV0rFl6ijdByEsqGp6QbzuUFHwPFG_3E GP3K2eeOzuqfBG6mDM7DJXliGQ1iwzPMthNjWiMGRZjXoyFzURTztk4lUnZS gK5BMs5GfNlB9w97ZzP7cDfClkQ.BbWmgbWAev5P_PCGYprMmpt_bDtq5x.l Piy6SLHECtCDMf3TIUB0.In.28p5dUWniu5y5IlPhnpXnbV6S_kyyJHTLjG5 UA2tr5jwnfqBnMHfdVmvzU6cQwjD2tilLdZqAJqHMk_yQENrRg2o20zxuHPh hkyxzGRfeW1ssFO0UkogjGVBq5Oodm5wKFMXVuZUdh2nituvsW45GYo5q_kj prhuNH4LfqN3aF8dTuLBWwTS4Bq8sLb6nLP9m_vWxWzDU9Lv1g.EHqyWvos1 636R5Dqk.TESot5pSkFnWDLpF12TSkCFGCUSv7Qz4zl20V4pjgUC4I56nFON 48.vyyhTC2cUSElEqhcCSV3ymb1P7c8zIYMdVIk8PLQBiDV8RvrY28Z4ovm8 I0gYHnuxWd8UitCU6oP9iilciVaCao1xM.E5TgU6cuAs- Received: from [195.23.39.67] by web111505.mail.gq1.yahoo.com via HTTP; Mon, 09 Jul 2012 10:43:42 PDT X-Mailer: YahooMailWebService/0.8.120.356233 Message-ID: <1341855822.75593.YahooMailNeo@web111505.mail.gq1.yahoo.com> Date: Mon, 9 Jul 2012 10:43:42 -0700 (PDT) From: Dario Teixeira Reply-To: Dario Teixeira To: OCaml Mailing List MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Subject: [Caml-list] [ANN] ocaml-safepass 1.0 Hallo, The registration of users with login + password is a common feature in=20 web sites.=A0 And as you know, this login data is a valuable prize for attackers.=A0 Therefore I'm happy to announce the availability of version 1.0 of OCaml-safepass, a simple library offering facilities for the safe storage of user passwords.=A0 By "safe" I mean that passwords are salted and hashed using the Bcrypt algorithm [1].=A0 Salting prevents rainbow-table based attacks [2], whereas hashing by a very time-consuming algorithm such as Bcrypt renders brute-force password cracking impractical. OCaml-safepass's obvious usage domain are web applications, though it does not depend on any particular framework.=A0 Internally, OCaml-safepass binds to the C routines from Openwall's Crypt_blowfish [3].=A0 However, it would be incorrect to describe OCaml-safepass as an OCaml binding to Crypt_blowfish, because the API it exposes is higher-level and more compact than that offered by Crypt_blowfish.=A0 Moreover, OCaml-safepass's API takes advantage of OCaml's type-system to make usage mistakes nearly impossible. Here is the project website: http://ocaml-safepass.forge.ocamlcore.org/ The API documentation is also available on online: http://ocaml-safepass.forge.ocamlcore.org/apidoc/index.html Feedback is more than welcome! Best regards, Dario Teixeira [1] http://en.wikipedia.org/wiki/Bcrypt [2] http://en.wikipedia.org/wiki/Rainbow_table [3] http://www.openwall.com/crypt/