README
¶
Acrypt
Overview
Secure password hashing using the Argon2id hashing algorithm. There is a simple API that works with strings, but also an API similar to that of the popular Bcrypt library.
Usage
Simple API
Hashing a password
pwd := "secret"
hash, err := Hash(pwd)
if err != nil {
log.Print(err)
}
fmt.Println(hash)
Verifying a password
pwd := "secret"
hash, err := Hash(pwd)
if err != nil {
log.Print(err)
}
if Verify(hash, pwd) {
log.Println("the password is good")
}
Bcrypt-like API
Hashing a password
pwd := []byte("secret")
hash, err := GenerateFromPassword(pwd, DefaultConfig)
if err != nil {
log.Print(err)
}
fmt.Println(hash)
Verifying a password
pwd := []byte("secret")
hash, err := GenerateFromPassword(pwd, DefaultConfig)
if err != nil {
log.Print(err)
}
if CompareHashAndPassword(hash, pwd) == nil {
log.Println("the password is good")
}
Documentation
¶
Overview ¶
Package acrypt provides an interface similar to the bcrypt library interface, but uses the Argon2id hashing algorithm for improved security. It also provides a slightly simpler interface, convenient for implementations that do not need to use the Bcrypt one.
Index ¶
Examples ¶
Constants ¶
const HashID = "$argon2id"
HashID exposes a constant identifier that can be used to refer to hashes generated by this library. Every hash will also be prefixed with this value, allowing clients to quickly test hashes for type.
Variables ¶
var DefaultConfig = &Config{
MemoryKB: 1 << 16,
Times: 3,
Parallelism: 2,
SaltLength: 16,
KeyLength: 32,
}
DefaultConfig defines the Argon2 hashing parameters used by default. Values for several of the parameters are recommended in the RFC draft: https://tools.ietf.org/html/draft-irtf-cfrg-argon2-04#section-3.1 The default configuration is exposed, so the values can be updated at the package level, allowing developers to customize the configuration while still leveraging the simpler.
Functions ¶
func CompareHashAndPassword ¶
CompareHashAndPassword compares an acrypt hashed password with its possible plaintext equivalent. It returns nil upon success.
Example ¶
pwd := []byte("secret")
hash, err := GenerateFromPassword(pwd, DefaultConfig)
if err != nil {
fmt.Print(err)
}
if CompareHashAndPassword(hash, pwd) == nil {
fmt.Println("the password is good")
}
Output: the password is good
func GenerateFromPassword ¶
GenerateFromPassword returns a hash generated using the configuration parameters provided for the Argon2id hashing algorithm. If the config param is nil, then the default config values will be used.
Example ¶
pwd := []byte("secret")
hash, err := GenerateFromPassword(pwd, DefaultConfig)
if err != nil {
fmt.Print(err)
}
fmt.Println(string(hash))
Output:
func Hash ¶
Hash a password string using the package level `DefaultConfig`.
Example ¶
pwd := "secret"
hash, err := Hash(pwd)
if err != nil {
fmt.Print(err)
}
fmt.Println(hash)
Output:
Source Files