cdepillabout · blackheaven · Oct 4, 2025 · Oct 7, 2025
diff --git a/README.md b/README.md
@@ -29,3 +29,5 @@ and
 
 In general, if you are writing a web application and need to handle passwords,
 you should use the `password` package together with `password-instances`.
+
+This project also provides [password-cli](./password-cli) a CLI to test and use `password`.
diff --git a/password-cli/README.md b/password-cli/README.md
@@ -70,7 +70,7 @@ Just like when hashing a password, you can input the password manually, through
 by providing a `--password-file`.
 ```console
 $ # Interactively check password
-$ password-cli check argon2 --hash "SOME-HASH"
+$ password-cli check argon2 --hash 'SOME-HASH'
 Enter password:
 Password matches provided hash
 $ echo $?
@@ -80,14 +80,18 @@ If the provided hash doesn't match the password, `Password does not match provid
 will be shown and the exit code will be `1` to indicate a failed match.
 ```console
 $ # Pipe in the password.
-$ cat password.txt | password-cli check argon2 --hash "SOME-HASH" --quiet
+$ cat password.txt | password-cli check argon2 --hash 'SOME-HASH' --quiet
 $ echo $?
 0
 $ # Give the WRONG password file.
-$ password-cli check argon2 --hash "SOME-HASH" --password-file password.txt.wrong --quiet
+$ password-cli check argon2 --hash 'SOME-HASH' --password-file password.txt.wrong --quiet
 $ echo $?
 1
 ```
+NOTE: When giving literal hashes as arguments in the terminal,
+it is advised to use single quotes (`'`) instead of double quotes (`"`)
+to prevent any accidental interpolation as some hashes use
+dollar signs (`$`) in the format.
 
 You can also provide the hash from file contents by providing the path to the `--hash-file`
 option. Just like the default of the `--password-file` option, this will only read up to the

diff --git a/password/README.md b/password/README.md
@@ -8,7 +8,7 @@
 
 This library provides functions for working with passwords and password hashes in Haskell.
 
-Currently supports the following algorithms:
+It currently supports the following algorithms:
 
 * `PBKDF2`
 * `bcrypt`
@@ -17,3 +17,5 @@ Currently supports the following algorithms:
 
 Also, see the [password-instances](https://hackage.haskell.org/package/password-instances)
 package for instances for common typeclasses.
+
+To quickly test and use `password`, you can use [password-cli](https://github.com/cdepillabout/password/tree/master/password-cli).
diff --git a/password/src/Data/Password/Argon2.hs b/password/src/Data/Password/Argon2.hs
@@ -33,6 +33,15 @@ being the newest algorithm out there.
 It is, however, recommended over @'Data.Password.Scrypt.Scrypt'@ most of the time,
 and it also seems like it might become the go-to password algorithm if no
 vulnarabilities are discovered within the next couple of years.
+
+== Testing
+
+You can use [password-cli](https://github.com/cdepillabout/password/tree/master/password-cli) to test it:
+
+> $ password-cli check argon2 --hash 'SOME-HASH'
+
+> $ password-cli hash argon2 --password-file password.txt
+
 -}
 
 -- I think the portability is broadened to

diff --git a/password/src/Data/Password/Bcrypt.hs b/password/src/Data/Password/Bcrypt.hs
@@ -42,6 +42,15 @@ Now while the very first version of @bcrypt@ would have hashes that were 59 char
 because of the 1 character-long "$2$" version prefix, @bcrypt@ has had a version increase shortly
 after release, turning the prefix into a 2 character-long one like "$2a$" pretty
 much from the very beginning.
+
+== Testing
+
+You can use [password-cli](https://github.com/cdepillabout/password/tree/master/password-cli) to test it:
+
+> $ password-cli check bcrypt --hash 'SOME-HASH'
+
+> $ password-cli hash bcrypt --password-file password.txt
+
 -}
 
 module Data.Password.Bcrypt (

diff --git a/password/src/Data/Password/PBKDF2.hs b/password/src/Data/Password/PBKDF2.hs
@@ -35,6 +35,15 @@ When unsure, @'Data.Password.Bcrypt.Bcrypt'@
 would probably be the safest option, as it has no memory cost which
 could become a problem if not properly calibrated to the machine
 doing the password verifications.
+
+== Testing
+
+You can use [password-cli](https://github.com/cdepillabout/password/tree/master/password-cli) to test it:
+
+> $ password-cli check pbkdf2 --hash 'SOME-HASH'
+
+> $ password-cli hash pbkdf2 --password-file password.txt
+
 -}
 
 module Data.Password.PBKDF2 (

diff --git a/password/src/Data/Password/Scrypt.hs b/password/src/Data/Password/Scrypt.hs
@@ -30,6 +30,15 @@ thus is fine for protection against brute-force attacks.
 Because of the memory cost, it is generally advised to use
 @'Data.Password.Bcrypt.Bcrypt'@ if you're not sure this might be a
 problem on your system.
+
+== Testing
+
+You can use [password-cli](https://github.com/cdepillabout/password/tree/master/password-cli) to test it:
+
+> $ password-cli check scrypt --hash 'SOME-HASH'
+
+> $ password-cli hash scrypt --password-file password.txt
+
 -}
 
 module Data.Password.Scrypt (
Original file line number	Diff line number	Diff line change
Expand Up		@@ -29,3 +29,5 @@ and

		In general, if you are writing a web application and need to handle passwords,
		you should use the `password` package together with `password-instances`.

		This project also provides [password-cli](./password-cli) a CLI to test and use `password`.