Default password authentication timing settings: base wait (seconds), random wait range, and extra delay when user does not exist.

Checks if the given plain text password is correct by comparing it with the result of calling all checkers in the given encryption suite with memorized options applied.

Encrypts the given plain text password using all encryption functions in the given encryption suite.

Returns prepared settings associated with key k.

Tries to get an encryption handler from an entry map by accessing :handler key or using :handler-id as fallback (and dereferencing it).

Converts JSON data to suite by applying transformations to keys described by tr-map. If no map is given the json-translation is used.

Builds salt bytes from random core with optional prefix and suffix.

Converts binary fields in a crypto entry to string representation.

Alias for human-readable-suite.

Converts every entry in suite to human-readable form.

Initializes password settings from auth config and optional logger.

Initializes wait function and derived wait configuration values.

Translation map for JSON deserialization: converts Base64-encoded fields back to byte arrays and :handler-id to a symbol.

Translation map for JSON serialization: converts byte-array fields to URL-safe Base64 strings.

Merges shared and intrinsic suite chains entry-wise.

Accepts either a Suites value or explicit suite chains.

Builds checker function for split suites or separate shared/intrinsic chains.

Builds encryptor function returning split shared/intrinsic suites.

Builds checker function for JSON-encoded shared and intrinsic suites.

Builds encryptor function returning SuitesJSON (shared and intrinsic).

Post-parses JSON data by transforming certain values with the given translation map.

Prepares suite entry for JSON serialization using translation map tr-map.

Merges provided settings with defaults and removes empty values.

Returns normalized printable handler names from a suite definition.

Generates cryptographically strong random salt bytes.

Generates random salt string of length from possible-chars.

Extracts shared part of a single crypto entry.

Alias for shared-suite.

Extracts shared parts for all entries in suite.

Splits a cipher entry or a password into two parts and returns a Suite record with two fields :shared and :intrinsic with these parts.

Alias for split-suite.

Splits all entries in suite into Suites with shared/intrinsic chains.

Performs a standard authentication check based on the provided plain text password given as the second argument). The first argument should be an encryption function used to perform the encryption operation on the provided password and compare the result with the encrypted password that should be provided as third argument or as a value associated with the :password key if this argument is a map. The last argument should be settings map that will be passed to the encryption function.

This is a low-level function that is intended to be used by different authentication modules which are implementing pretty standard way of checking the password.

Converts the given suite to JSON format.

Sleeps for wait-start seconds plus random delay up to wait-randmax.