bcryptx

package module

v0.1.1 Latest Latest Go to latest Published: Aug 25, 2018 License: MIT Imports: 4 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/codemodus/bcryptx

Links

Open Source Insights

README ¶

bcryptx

go get "github.com/codemodus/bcryptx"

Package bcryptx automates the tuning of bcrypt costs based on an environment's available processing resources. Concurrency throttling is provided, as well as convenience functions for making use of tuned costs with bcrypt functions.

quickCost should be used when a hash should be accessible quickly. strongCost should be used when the delay of processing can be mitigated.

Usage

type Bcrypter
    func New(opts *Options) *Bcrypter
    func (bc *Bcrypter) CompareHashAndPass(hash, pass string) error
    func (bc *Bcrypter) CurrentQuickCost() (int, error)
    func (bc *Bcrypter) CurrentStrongCost() (int, error)
    func (bc *Bcrypter) GenQuickFromPass(pass string) (string, error)
    func (bc *Bcrypter) GenStrongFromPass(pass string) (string, error)
    func (bc *Bcrypter) IsCostQuick(hash string) bool
    func (bc *Bcrypter) IsCostStrong(hash string) bool
    func (bc *Bcrypter) Tune() error
    func (bc *Bcrypter) ValidateHash(hash string) error
type Options

Setup

import (
    "github.com/codemodus/bcryptx"
)

func main() {
    // ...

    bcxOpts := &bcryptx.Options{
        GenQuickMaxTime:  time.Millisecond * 400, // default is 500ms
        GenStrongMaxTime: time.Millisecond * 1600, // default is 2000ms
        GenConcurrency:   1, // default is 2
    }

    // To use defaults, provide nil instead of a bcryptx.Options object.
    bcx := bcryptx.New(bcxOpts)
	if err := bcx.Tune(); err != nil {
		// ...
	}

    hash, err := bcx.GenQuickFromPass("12345")
    if err != nil {
        // ...
    }

    // ...
}

Beyond Setup

func main() {
    // ...
    
    if err := bcx.CompareHashAndPass(hash, "spaceballs"); err != nil {
        // Generated hash for "12345", tested for "spaceballs".
    }

    if ok := bcx.IsCostStrong(hash); !ok {
        // Hashed quick, wanted strong.
    }
    
    // ...
}

More Info

Notes On Tuning

The tuning algorithm produces a handful of low-cost hashes and uses the resulting durations to interpolate the durations of hashes with higher costs.
It is preferable to tune during times of normal resource consumption. While it is reasonable to run Tune in a goroutine, be mindful of concurrent processing burdens. With some basic consideration, tuning will produce satisfactory results which grow in security along with provisioned resources. Also worth noting is that interpolated hash durations are quantized to the nearest hundreth of a second.

Documentation

View the GoDoc

Benchmarks

N/A

Documentation ¶

Overview ¶

Package bcryptx automates the tuning of bcrypt costs based on an environment's available processing resources. Concurrency throttling is provided, as well as convenience functions for making use of tuned costs with bcrypt functions.

quickCost should be used when a hash should be accessible quickly. strongCost should be used when the delay of processing can be mitigated.

Example ¶

package main

import (
	"fmt"
	"time"

	"github.com/codemodus/bcryptx"
)

func main() {
	bcxOpts := &bcryptx.Options{
		GenQuickMaxTime:  time.Millisecond * 400,  // default is 500
		GenStrongMaxTime: time.Millisecond * 1600, // default is 2000
		GenConcurrency:   1,                       // default is 2
	}

	// To use defaults, provide nil instead of a bcryptx.Options object.
	bcx := bcryptx.New(bcxOpts)
	if err := bcx.Tune(); err != nil {
		fmt.Println(err)
	}

	hash, err := bcx.GenQuickFromPass("12345")
	if err != nil {
		fmt.Println(err)
	}

	if err := bcx.CompareHashAndPass(hash, "spaceballs"); err != nil {
		fmt.Println(`Generated hash for "12345", tested for "spaceballs".`)
	}

	if ok := bcx.IsCostStrong(hash); !ok {
		fmt.Println("Hashed quick, wanted strong.")
	}

}

Output:

Generated hash for "12345", tested for "spaceballs".
Hashed quick, wanted strong.

Examples ¶

Package

Constants ¶

View Source

const (
	// GenQuickMaxTime is the default max time used for tuning
	// Bcrypter.quickCost.
	GenQuickMaxTime = time.Millisecond * 500

	// GenStrongMaxTime is the default max time used for tuning
	// Bcrypter.strongCost.
	GenStrongMaxTime = time.Millisecond * 2000

	// GenConcurrency is the default goroutine count used for Gen*FromPass.
	GenConcurrency = 2
)

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Bcrypter ¶

type Bcrypter struct {
	// contains filtered or unexported fields
}

Bcrypter provides an API for bcrypt functions with "quick" or "strong" costs. Tune is called on first use of Gen*FromPass if not already called directly.

func New ¶

func New(opts *Options) *Bcrypter

New returns a new Bcrypter based on Options values or defaults.

func (*Bcrypter) CompareHashAndPass ¶

func (bc *Bcrypter) CompareHashAndPass(hash, pass string) error

CompareHashAndPass returns an error if comparison fails or any error encountered during handling.

func (*Bcrypter) CurrentQuickCost ¶

func (bc *Bcrypter) CurrentQuickCost() (int, error)

CurrentQuickCost returns the quickCost as set by Tune.

func (*Bcrypter) CurrentStrongCost ¶

func (bc *Bcrypter) CurrentStrongCost() (int, error)

CurrentStrongCost returns the strongCost as set by Tune.

func (*Bcrypter) GenQuickFromPass ¶

func (bc *Bcrypter) GenQuickFromPass(pass string) (string, error)

GenQuickFromPass returns a hash produced using Bcrypter.quickCost or any error encountered during handling.

func (*Bcrypter) GenStrongFromPass ¶

func (bc *Bcrypter) GenStrongFromPass(pass string) (string, error)

GenStrongFromPass returns a hash produced using Bcrypter.strongCost or any error encountered during handling.

func (*Bcrypter) IsCostQuick ¶

func (bc *Bcrypter) IsCostQuick(hash string) bool

IsCostQuick returns false if the apparent cost of the hash is lower than the provided cost, or if any errors are encountered during hash analysis.

func (*Bcrypter) IsCostStrong ¶

func (bc *Bcrypter) IsCostStrong(hash string) bool

IsCostStrong returns false if the apparent cost of the hash is lower than the provided cost, or if any errors are encountered during hash analysis.

func (*Bcrypter) Tune ¶

func (bc *Bcrypter) Tune() error

Tune sets the quick and strong costs based on provided max times. Appropriate costs are determined by producing a handful of low-cost hashes, then using the resulting durations to interpolate the durations of hashes with higher costs.

func (*Bcrypter) ValidateHash ¶

func (bc *Bcrypter) ValidateHash(hash string) error

ValidateHash returns an error if the provided argument is not a valid hash.

type Options ¶

type Options struct {
	// GenQuickMaxTime is the max time used for tuning Bcrypter.quickCost.
	GenQuickMaxTime time.Duration

	// GenStrongMaxTime is the max time used for tuning Bcrypter.strongCost.
	GenStrongMaxTime time.Duration

	// GenConcurrency is the goroutine count used for Gen*FromPass.
	GenConcurrency int
}

Options holds values to be passed to New.

Source Files ¶

View all Source files

bcryptx.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL