Documentation
¶
Index ¶
- Variables
- func CompareHashAndPassword(hashedPassword string, password string) error
- func Decrypt(encryptedString string, key []byte) (string, error)
- func Encrypt(plaintext string, key []byte) (string, error)
- func GenerateAES256GCMEncryptionKey() (encryptionKey []byte, err error)
- func HashPassword(password string) (string, error)
- type Argon2IDParameters
Constants ¶
This section is empty.
Variables ¶
var DefaultArgon2IDParameters = Argon2IDParameters{
SaltLength: 16,
Time: 2,
Memory: 19 * 1024,
Threads: 1,
KeyLength: 32,
}
Default parameters recommended by OWASP
var ErrInvalidPassword = errors.New("invalid password")
Functions ¶
func CompareHashAndPassword ¶
CompareHashAndPassword takes a hashed password string and a password, hashes the password with the same parameters as the hashed password and compares the resulting value, returning an error if they do not match.
When this function is passed an invalid hashed password string, it will hash the password with the default parameters to prevent an attacker from getting information from the timing of a login failure.
func Decrypt ¶
Decrypt decrypts a base64-encoded encrypted string using AES-256-GCM. The key must be the same 32-byte key used for encryption.
func Encrypt ¶
Encrypt encrypts a string using AES-256-GCM. The key must be 32 bytes (256 bits) long. Returns base64-encoded encrypted string.
func HashPassword ¶
Takes the password string, makes sure it's not empty, and hashes it using argon2id
Source Files