README
¶
passwd
Password hashing with argon2id, winner of the Password Hashing Competition in 2015. A replacement for bcrypt.
Usage
By default, it will use the basic configuration suggested for the argon2id hasher:
package main
import (
"log"
"github.com/alextanhongpin/passwd"
)
func main() {
password := []byte("your raw text password")
hash, err := passwd.Encrypt(password)
if err != nil {
log.Fatal(err)
}
log.Println(hash)
match, err := passwd.Compare(hash, password)
if err != nil {
log.Fatal(err)
}
if !match {
log.Fatal("password do not match")
}
}
Output:
$argon2id$m=65536,t=2,p=4$HvNaNwCf4Bn55RLuR8uu1g==$e7ZgRsnRbZaFkXs2ogmbD5dt/mF5B0IAvOTYDr0ebZI=
Custom
There is a factory provided to customize the configuration for the hasher:
package main
import (
"log"
"github.com/alextanhongpin/passwd"
)
func main() {
hasher := passwd.New(
passwd.Time(2),
passwd.Memory(64*1024),
passwd.Parallelism(4),
passwd.SaltLen(32),
passwd.KeyLen(100),
)
password := []byte("secret")
hash, err := hasher.Encrypt(password)
if err != nil {
log.Fatal(err)
}
log.Println(hash)
match, err := hasher.Compare(hash, password)
if err != nil {
log.Fatal(err)
}
if !match {
log.Fatal("password do not match")
}
}
Output:
$argon2id$m=65536,t=2,p=4$ylby4LzuL0HRUW8MYKabENOgbX1NhOBSMDxSRkAMkQQ=$iDtW/fLs+vxsZQeDu3Aq/5JB9wTq4qG2OksocjLcdg0LaxTdOJtLHaDvN65XZB1ypP4v+K4rTOKQUHNaBWKNt/4fDNOVTXT5KExrZ+jRi+n1Wwd7L
BXVhqGofieSZRoPiBv1YA==
Documentation
¶
Index ¶
Examples ¶
Constants ¶
This section is empty.
Variables ¶
var ( ErrUnknownHashFunction = errors.New("passwd: unknown password hashing function identifier") ErrPasswordRequired = errors.New("passwd: password is required") ErrPasswordInvalid = errors.New("passwd: password is invalid") ErrHashInvalid = errors.New("passwd: hash is invalid") ErrGenerateSalt = errors.New("passwd: generate salt failed") ErrBase64Decode = errors.New("passwd: base64 decoding failed") )
Functions ¶
func Compare ¶
Compare attempts to compare the password with the hash in constant-time compare.
Example ¶
package main
import (
"log"
"github.com/alextanhongpin/passwd"
)
func main() {
password := []byte("your raw text password")
hash, _ := passwd.Encrypt(password)
match, err := passwd.Compare(hash, password)
if err != nil {
log.Fatal(err)
}
if match != true {
log.Fatal("password do not match")
}
}
Output:
func ConstantTimeCompare ¶
ConstantTimeCompare compares two strings in constant time.
func Encrypt ¶
Encrypt takes a password and return a phc-formatted hash. PHC stands for password hashing competition.
Reference: https://github.com/P-H-C/phc-string-format/blob/master/phc-sf-spec.md https://crypto.stackexchange.com/questions/48935/why-use-argon2i-or-argon2d-if-argon2id-exists
Example ¶
package main
import (
"log"
"github.com/alextanhongpin/passwd"
)
func main() {
password := []byte("your raw text password")
hash, err := passwd.Encrypt(password)
if err != nil {
log.Fatal(err)
}
log.Println(hash)
}
Output:
Types ¶
type Argon2id ¶
type Argon2id struct {
// contains filtered or unexported fields
}
Argon2id contains the configuration for the argon2id hashing function.
func New ¶
New returns a new argon2id hasher with default configurations if none is provided.
Example ¶
package main
import (
"log"
"github.com/alextanhongpin/passwd"
)
func main() {
hasher := passwd.New(
passwd.Time(2),
passwd.Memory(64*1024),
passwd.Parallelism(4),
passwd.SaltLen(32),
passwd.KeyLen(100),
)
password := []byte("secret")
hash, err := hasher.Encrypt(password)
if err != nil {
log.Fatal(err)
}
log.Println(hash)
match, err := hasher.Compare(hash, password)
if err != nil {
log.Fatal(err)
}
if match != true {
log.Fatal("password do not match")
}
}
Output:
Source Files