password

package module

v1.1.0 Latest Latest Go to latest Published: Jul 26, 2022 License: MIT Imports: 9 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/ggicci/password

Links

Open Source Insights

README ¶

password

Password Hash & Verification with Argon2, Bcrypt

The Simplest API

type Plaintext interface {
    Password() (string, error) // generate a password hash from a plaintext
}

type Password interface {
    Verify(plaintext string) error // verify the plaintext against the loaded password hash
}

Argon2

Generate Password Hash from Plaintext

plain, err := password.NewArgon2idPlaintext("123456")
password, err := plain.Password()
// password: "$argon2id$19$2$65536$1$32$kgMI2k14vWHAbX/3hotUHQ$P/HTRZE/TuqeqJYWyDw4nhZFxBTPMIEydX291t31ZwI"

Save the above password (i.e. password hash) to your database for storage.

The above method NewArgon2idPlaintext uses recommended parameters for the Argon2 algorithm, including a 16 bytes random salt. If you want to tweak the parameters, apply the options as follows:

plain, err := password.NewArgon2idPlaintext(
    "123456",
    Argon2Time(2),
    Argon2Salt(mySalt),
    // ...
)

Verify Plaintext Password

password := password.NewArgon2idPassword("$argon2id$19$.....")
err := password.Verify("123456")
if err == nil {} // matched

Bcrypt

Generate Password Hash from Plaintext

plain, err := password.NewBcryptPlaintext("123456")
password, err := plain.Password()
// password: "$2a$10$4nPk/g81euJjqAFMoPIBkuOtu9I.WM4knB6rJ4Ll0HZa6BYODMskK"

Tweak cost parameter:

plain, err := password.NewBcryptPlaintext("123456", BcryptCost(12))

Verify Plaintext Password

password, err := password.NewBcryptPassword("$2a$10$...")
err := password.Verify("123456")
if err == nil {} // matched

BL

This package was originally desinged to facilitate access and verification of password with Argon2 algorithm. However, it should not be limited to Argon2 only. There're many other useful algorithms and sometimes we use them, e.g. bcrypt, scrypt, PBKDF2, etc.

If you thought the API this package provided is intuitive to use and hoped more algorithms be involved, feel free to file an issue. Contributions are more welcome.

Documentation ¶

Index ¶

Variables
func RandomSalt(length uint32) ([]byte, error)
type Argon2Password
- func (p *Argon2Password) Password() (string, error)
- func (p *Argon2Password) Verify(plaintext string) error
type Argon2PasswordOption
type BcryptPassword
- func (p *BcryptPassword) Password() (string, error)
- func (p *BcryptPassword) Verify(plaintext string) error
type BcryptPasswordOption
- func BcryptCost(cost int) BcryptPasswordOption
type Password
- func NewArgon2idPassword(password string) Password
- func NewBcryptPassword(password string) Password
type Plaintext
- func NewArgon2idPlaintext(plaintext string, opts ...Argon2PasswordOption) (Plaintext, error)
- func NewBcryptPlaintext(plaintext string, opts ...BcryptPasswordOption) (Plaintext, error)

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	ErrMissmatchedPassword    = errors.New("mismatched password")
	ErrMalformedPassword      = errors.New("malformed password")
	ErrNotArgon2idPassword    = errors.New("not an argon2id password")
	ErrUnsupportedAlgoVersion = errors.New("unsupported algorithm version")
)

Functions ¶

func RandomSalt ¶

func RandomSalt(length uint32) ([]byte, error)

RandomSalt returns a random salt of the given length.

Types ¶

type Argon2Password ¶

type Argon2Password struct {
	Time        uint32
	Memory      uint32
	Parallelism uint8
	KeyLen      uint32
	Salt        []byte
	// contains filtered or unexported fields
}

func (*Argon2Password) Password ¶

func (p *Argon2Password) Password() (string, error)

Password generates a password hash.

func (*Argon2Password) Verify ¶

func (p *Argon2Password) Verify(plaintext string) error

Verify verifies the plaintext with the password hash.

type Argon2PasswordOption ¶

type Argon2PasswordOption func(*Argon2Password)

Argon2PasswordOption is a function that can be used to configure a Argon2Password.

func Argon2KeyLen ¶

func Argon2KeyLen(keyLen uint32) Argon2PasswordOption

Argon2KeyLen sets the `keylen` parameter for Argon2 algorithm, the desired length of the returned hash. Recommended value is 32.

func Argon2Memory ¶

func Argon2Memory(memory uint32) Argon2PasswordOption

Argon2Memory sets the `memory` parameter for Argon2 algorithm, which is the memory cost, in KiB. Recommended value is 64 * 1024, i.e. 64 MB.

func Argon2Parallelism ¶

func Argon2Parallelism(parallelism uint8) Argon2PasswordOption

Argon2Parallelism sets the `parallelism` parameter for Argon2 algorithm, which is the number of threads. Recommended value is 1.

func Argon2Salt ¶

func Argon2Salt(salt []byte) Argon2PasswordOption

Argon2Salt sets the `salt` parameter for Argon2 algorithm. Recommended value is a 16 bytes random secret.

func Argon2Time ¶

func Argon2Time(time uint32) Argon2PasswordOption

Argon2Time sets the `time` parameter for Argon2 algorithm, which is the number of iterations. Recommended value is 2.

type BcryptPassword ¶ added in v1.1.0

type BcryptPassword struct {
	Cost int
	// contains filtered or unexported fields
}

func (*BcryptPassword) Password ¶ added in v1.1.0

func (p *BcryptPassword) Password() (string, error)

func (*BcryptPassword) Verify ¶ added in v1.1.0

func (p *BcryptPassword) Verify(plaintext string) error

Verify verifies the plaintext with the password hash.

type BcryptPasswordOption ¶ added in v1.1.0

type BcryptPasswordOption func(*BcryptPassword)

BcryptPasswordOption is a function that can be used to configure a BcryptPassword.

func BcryptCost ¶ added in v1.1.0

func BcryptCost(cost int) BcryptPasswordOption

type Password ¶

type Password interface {
	// Verify compares the plaintext with the hashed password.
	Verify(plaintext string) error
}

Password is a hashed password who can verify a plaintext password.

func NewArgon2idPassword ¶

func NewArgon2idPassword(password string) Password

NewArgon2idPassword loads a password hash and can be used to verify a plaintext.

func NewBcryptPassword ¶ added in v1.1.0

func NewBcryptPassword(password string) Password

type Plaintext ¶

type Plaintext interface {
	// Password returns the password hash.
	Password() (string, error)
}

Plaintext is a plaintext password and can be used to generate a password hash. Typically the hash will be stored in a database.

func NewArgon2idPlaintext ¶

func NewArgon2idPlaintext(plaintext string, opts ...Argon2PasswordOption) (Plaintext, error)

NewArgon2idPlaintext creates a plaintext password that can be hashed with Argon2id.

func NewBcryptPlaintext ¶ added in v1.1.0

func NewBcryptPlaintext(plaintext string, opts ...BcryptPasswordOption) (Plaintext, error)

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL