encrypt (clj)



(encrypt raw) (encrypt raw iterations) (encrypt raw iterations algorithm) (encrypt raw iterations algorithm salt)
Encrypt a password string using the PBKDF2 algorithm. The default number of iterations is 100,000. If a salt is not specified, 8 random bytes are generated from a cryptographically secure source. The default algorithm is "HMAC-SHA1". When running on JDK 1.8 "HMAC-SHA256" is also supported. The number of iterations and salt are encoded in the output in the following formats for HMAC-SHA1: <iterations>$<salt>$<encrypted password> And for all other algoritms: <iterations>$<algorithm>$<salt>$<encrypted password> The iterations, salt, and encrypted password are all Base64 encoded.


(ns crypto.password.pbkdf2-test
  (:require [clojure.test :refer :all]
            [crypto.password.pbkdf2 :as password]))

(deftest test-passwords
  (are [s] (password/check s (password/encrypt s))
    "Some rather long pass phrase perhaps out of a book or poem")

  (are [s r] (not (password/check r (password/encrypt s)))
    "a" "b"
    "a" "a "
    "aaaaa" "aaaaa\n"
    "großpösna" "grossposna")

  (are [s a] (password/check s (password/encrypt s 100000 a))
    "foo" "HMAC-SHA1"
    "foo" "HMAC-SHA256")

  (are [s r a] (not (password/check r (password/encrypt s 100000 a)))
    "foo" "bar" "HMAC-SHA1"
    "foo" "bar" "HMAC-SHA256"))