Documentation
Overview
Package passwordhash implements safe password hashing and comparison.
THIS PACKAGE IS DEPRECATED. SEE README.
Hashes are derived using the PBKDF2-HMAC-SHA256 function with 100000 iterations (by default), a 32-byte salt and a 32-byte output.
This package is a fixed version of "passwordhash" that uses only 32 bytes of the hash for comparison.
Note: you must not allow users to directly change the parameters of PasswordHash, such as the number of iterations. A malicious user who can change the number of iterations can set it too high, which leads to denial of service (DoS).
Example usage:
    ph := passwordhash.New("hello, world")
    // Store ph somewhere...
    // Later, when user provides a password:
    if ph.EqualToPassword("hello, world") {
        // Password's okay, user authorized...
    }
Constants
    const (
        // Default number of iterations for PBKDF2
        DefaultIterations = 100000
        // Default salt length
        SaltLen = 32
        // Default hash length. This length is also used for hash comparison
        // regardless of the actual hash length.
        HashLen = 32
    )
Types
type PasswordHash
PasswordHash stores the hash, the salt, and the number of iterations.
func New
func New(password string) *PasswordHash
New returns a new password hash derived from the provided password, a random salt, and the default number of iterations. The function causes a runtime panic if it fails to get a random salt.
func NewIter
func NewIter(password string, iter int) *PasswordHash
NewIter returns a new password hash derived from the provided password, the number of iterations, and a random salt. The function causes a runtime panic if it fails to get a random salt.
func NewSaltIter
func NewSaltIter(password string, salt []byte, iter int) *PasswordHash
NewSaltIter creates a new password hash from the provided password, salt, and the number of iterations.
func (*PasswordHash) EqualToPassword
func (ph *PasswordHash) EqualToPassword(password string) bool
EqualToPassword returns true if the password hash was derived from the provided password. This function uses a constant-time comparison.
IMPORTANT: To work around the 2x speedup attack, this function compares only the first 32 bytes of the given password hash.
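The check described above, written against the Go standard library as an added example (not this package's code): it derives only the first 32-byte PBKDF2-HMAC-SHA256 block, bounds the stored iteration count before doing any work (the DoS note in the overview), and compares in constant time. The names firstBlock, verify and maxIterations are hypothetical, and the ceiling value is an assumption.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

const (
	hashLen       = 32      // bytes compared, as in the package's HashLen
	maxIterations = 1000000 // assumed server-side ceiling, not from the package
)

// firstBlock returns T_1 of PBKDF2-HMAC-SHA256 (RFC 8018): the first 32 output bytes.
func firstBlock(password string, salt []byte, iter int) []byte {
	mac := hmac.New(sha256.New, []byte(password))
	mac.Write(salt)
	mac.Write([]byte{0, 0, 0, 1}) // big-endian block index 1
	u := mac.Sum(nil)             // U_1
	t := append([]byte(nil), u...)
	for i := 1; i < iter; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil) // U_{i+1} = HMAC(password, U_i)
		for j := range t {
			t[j] ^= u[j]
		}
	}
	return t
}

// verify bounds the untrusted iteration count before hashing, then compares hashLen bytes in constant time.
func verify(password string, salt, stored []byte, iter int) (bool, error) {
	if iter < 1 || iter > maxIterations {
		return false, fmt.Errorf("iterations %d outside [1, %d]", iter, maxIterations)
	}
	if len(stored) < hashLen {
		return false, fmt.Errorf("stored hash shorter than %d bytes", hashLen)
	}
	return subtle.ConstantTimeCompare(firstBlock(password, salt, iter), stored[:hashLen]) == 1, nil
}

func main() {
	salt := []byte("salt") // constructed sample; the package uses 32 random bytes
	stored := firstBlock("password", salt, 4096)
	fmt.Println(verify("password", salt, stored, 4096))       // true <nil>
	fmt.Println(verify("password", salt, stored, 2000000000)) // rejected before hashing
}
```

Because each 32-byte PBKDF2 block is derived independently, a verifier that compares only the first block does the same amount of work per guess as anyone testing candidate passwords against the stored value.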
func (*PasswordHash) String
func (ph *PasswordHash) String() string
String returns a string representation of the password hash.