phash

package module

v0.0.0-...-5613fd8 Latest Latest Go to latest Published: Jun 13, 2016 License: BSD-2-Clause Imports: 8 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/yhat/phash

Links

Open Source Insights

README ¶

phash

Simple password hashing in Go.

Note: If you have the choice, just use bcrypt.

package main

import (
    "fmt"
    "github.com/yhat/phash"
)

func main() {
    hash := phash.Gen("password123")
    fmt.Println(hash) // sha1$nJ1m4Cc3$1$eb0e7337ef98fc602be128a53648f4c8d736c1f4
    fmt.Println(phash.Verify("password123", hash)) // true
    fmt.Println(phash.Verify("not my pass", hash)) // false
}

Fully compatible with Node.js' password-hash

This package was initially developed so we (the Yhat Dev Team) could migrate apps from Node.js to Go without losing user password data. As a result phash will correctly verify hashes generated by the password-hash library and vice versa.

var passwordHash = require('password-hash');

var hash = "sha1$nJ1m4Cc3$1$eb0e7337ef98fc602be128a53648f4c8d736c1f4";
console.log(passwordHash.verify("password123", hash)); // true
console.log(passwordHash.verify("not my pass", hash)); // false

Thanks to jfrazelle for figuring this out a while back.

More complex hashing

By default, phash only compiles with sha1 (the default hash). To use other algorithms, you must register the hash with Go's crypto package by importing it.

phash.Generate() also lets you specify the salt length and number of iterations (the defaults are 8 and 1 respectively).

package main

import (
    _ "crypto/md5" // This will register md5 with crypto and phash
    "fmt"
    "github.com/yhat/phash"
)

func main() {
    saltLength := uint(6)
    iterations := uint(2)
    // error caused by unknown hash ignored
    hash, _ := phash.Generate("password123", "md5", saltLength, iterations)
    fmt.Println(hash) // md5$WEOJX6$2$089e13e498615a4f1b88bd64e8d713f5
}

As a caveat phash.Verify() will return false if the needed hash algorithm is not imported.

Documentation ¶

Overview ¶

Package phash implements simple functions for saltling, hashing and later verifying passwords against hashes. It is intended to be complatible with the Node.js package "password-hash".

Index ¶

func Gen(password string) string
func Generate(password, algorithm string, saltLen, iter uint) (string, error)
func Verify(password, hashedPassword string) bool

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func Gen ¶

func Gen(password string) string

Gen converts a plain text password to a hash with a salt. It uses sha1, a salt lenght of 8, and applies the algorithm once.

func Generate ¶

func Generate(password, algorithm string, saltLen, iter uint) (string, error)

Generate converts a plain text password to a hash with a salt. It allows the caller to specify the algorithm, salt length, and number of times to apply the algorithm.

func Verify ¶

func Verify(password, hashedPassword string) bool

Verify compares a plain text password against a hash with a salt and returns true if the two match. If the hash algorithm used for the hash isn't linked to the binary, Verify automatically returns false. See http://golang.org/pkg/crypto/#RegisterHash for more details.

Types ¶

This section is empty.

Source Files ¶

View all Source files

phash.go

Directories ¶

Path	Synopsis
tests

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL