Question 1

How to implement password hashing with Comeonin in a Phoenix app?

Accepted Answer

First, choose and add a library like argon2_elixir to your mix.exs dependencies, then use its functions through the Comeonin behaviours for hashing and verifying passwords. Refer to the Comeonin wiki for detailed guides on integration and best practices.

Question 2

Is Comeonin secure enough for production password storage?

Accepted Answer

Yes, by promoting algorithms like Argon2, which is currently considered the strongest against GPU attacks, Comeonin ensures secure implementations. However, security depends on proper configuration and using the recommended libraries from trusted sources.

Question 3

Comeonin vs bcrypt_elixir: which one should I use?

Accepted Answer

Comeonin is a specification that bcrypt_elixir implements, so you use bcrypt_elixir via Comeonin's interface. Choose based on algorithm: Argon2 is recommended for max security, Bcrypt for compatibility, or Pbkdf2 for Windows ease, as per the README's guidance.

Question 4

How to upgrade from an older version of Comeonin to version 5?

Accepted Answer

Check the UPGRADE_v5 guide linked in the README, which explains the changes from library to specification. You'll likely need to update dependencies and adjust code to use the new behaviours instead of direct Comeonin module calls.

Question 5

Can I use Comeonin on Heroku or other cloud platforms?

Accepted Answer

Yes, but ensure your chosen library's C dependencies compile correctly in the cloud environment. The README's deployment wiki suggests using Docker or pre-compiled binaries, and Pbkdf2 is a fallback for pure-Elixir compatibility.

Question 6

What are the performance trade-offs with Argon2 in Comeonin?

Accepted Answer

Argon2 is computationally intensive by design to resist attacks, so it may slow down authentication under high load. Tune its work factors based on your server's capabilities, as detailed in the library documentation, to balance security and performance.

comeonin

What is comeonin?

Overview

Use Cases

Best For

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions