Documentation
¶
Index ¶
Examples ¶
Constants ¶
This section is empty.
Variables ¶
var ( ErrNotMatch = errors.New("zscrypt: password hash value not match") ErrShortHash = errors.New("zscrypt: password hash is too short") )
Functions ¶
This section is empty.
Types ¶
type SCrypt ¶
type SCrypt struct {
// contains filtered or unexported fields
}
SCrypt is the hasher type for golang.org/x/crypto/scrypt.
func New ¶
New returns a new instance of SCrypt hasher with given parameters. The parameters n, r, p and keyLen are passed to the golang.org/x/crypto/scrypt.Key.
Parameter ranges:
- 0 <= saltLen
- 1 < n. n must be power of 2
- n <= math.MaxInt/128/r
- r*p < 1<<30 (1,073,741,824)
- r <= math.MaxInt/128/p
- r <= math.MaxInt/256
Recommended parameters:
- n=32768,r=8,p=1,keyLen=32 (https://datatracker.ietf.org/doc/draft-ietf-kitten-password-storage/)
- n=131072,r=8,p=1,keyLen=32 (https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html)
- n=65536,r=8,p=2,keyLen=32 (https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html)
- n=32768,r=8,p=3,keyLen=32 (https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html)
- n=16384,r=8,p=5,keyLen=32 (https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html)
- n=8192,r=8,p=10,keyLen=32 (https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html)
func (*SCrypt) Compare ¶
Compare compares hashed password and the password. If the hashed value of the pw matched to the hashedPW, it returns nil. If not matched, it returns non-nil error.
Example ¶
package main
import (
"crypto/rand"
"encoding/hex"
"fmt"
"strings"
"github.com/aileron-projects/go/zcrypto/zscrypt"
)
func main() {
// Replace rand reader temporarily for testing.
tmp := rand.Reader
rand.Reader = strings.NewReader("12345678901234567890")
defer func() { rand.Reader = tmp }()
hashedPW, _ := hex.DecodeString("313233343536373839302c717880aa40e2d11cc48c684730cd6f6d87fd2bc7f2aea2ec1246d7019461d2")
crypt, err := zscrypt.New(10, 32768, 8, 1, 32)
if err != nil {
panic(err)
}
err = crypt.Compare(hashedPW, []byte("password"))
if err != nil {
panic(err)
}
fmt.Println("Is password correct? :", err == nil)
}
Output: Is password correct? : true
func (*SCrypt) Equal ¶
Equal reports if the given hashed password and the password are the same or not.
func (*SCrypt) Split ¶
Split splits the hashed password into salt and hash value of the password. If the hashedPW is too short, it returns ErrShortHash.
func (*SCrypt) Sum ¶
Sum returns the hash sum value of the password. Salt is joined at the left side of the returned sum. Use SCrypt.Split to split salt and the sum of the password.
Example ¶
package main
import (
"crypto/rand"
"encoding/hex"
"fmt"
"strings"
"github.com/aileron-projects/go/zcrypto/zscrypt"
)
func main() {
// Replace rand reader temporarily for testing.
tmp := rand.Reader
rand.Reader = strings.NewReader("12345678901234567890")
defer func() { rand.Reader = tmp }()
saltLen := 10
crypt, err := zscrypt.New(saltLen, 32768, 8, 1, 32)
if err != nil {
panic(err)
}
hashedPW, err := crypt.Sum([]byte("password"))
if err != nil {
panic(err)
}
fmt.Println("salt :", hex.EncodeToString(hashedPW[:saltLen]))
fmt.Println("pw hash :", hex.EncodeToString(hashedPW[saltLen:]))
fmt.Println("overall :", hex.EncodeToString(hashedPW))
}
Output: salt : 31323334353637383930 pw hash : 2c717880aa40e2d11cc48c684730cd6f6d87fd2bc7f2aea2ec1246d7019461d2 overall : 313233343536373839302c717880aa40e2d11cc48c684730cd6f6d87fd2bc7f2aea2ec1246d7019461d2
Source Files