About OCaml-safepass

OCaml-safepass is a library offering facilities for the safe storage of user passwords. By "safe" we mean that passwords are salted and hashed using the Bcrypt algorithm. Salting prevents rainbow-table based attacks, whereas hashing by a very time-consuming algorithm such as Bcrypt renders brute-force password cracking impractical.

OCaml-safepass's obvious usage domain are web applications, though it does not depend on any particular framework. Internally, OCaml-safepass binds to the C routines from Openwall's Crypt_blowfish. However, it would be incorrect to describe OCaml-safepass as an OCaml binding to Crypt_blowfish, because the API it exposes is higher-level and more compact than that offered by Crypt_blowfish. Moreover, OCaml-safepass's API takes advantage of OCaml's type-system to make usage mistakes nearly impossible.

OCaml-safepass is developed by Dario Teixeira and is licensed under the terms of the GNU LGPL 2.1 with the usual OCaml linking exception.


OCaml-safepass has no external dependencies. Note that it bundles the Public Domain licensed crypt_blowfish.h and crypt_blowfish.c files from Openwall's Crypt_blowfish.

Downloads and development

OCaml-safepass is distributed in source-code form. You can get all releases from the project's page at GitHub or the OCaml Forge. The latest version is OCaml-safepass 2.0, released on 2016-06-21.

Bulding and Installing

OCaml-safepass uses OASIS. Building and installing follows the costumary configure, make, and make install sequence. To generate the ocamldoc API documentation, run make doc.


You can browse the Ocamldoc generated API documentation online.