05-Password-Storage

command

v0.0.0-...-f68f4d8 Latest Latest Go to latest Published: Apr 5, 2022 License: MIT Imports: 4 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

never store passwords
store one-way encryption "hash" MD5 (weak), SHA1 (weak), SHA2 (good), Bcrypt(good), scrypt(good)
hash on the client and hash again on the server
you should salt the password. It means to add a random string when hashing the password

Considerations:

sha
- always returns the same hash for the same input.
- similar input produces a completly diferent hash. So someone cannot associate
- It has fixed hash size.
- Different inputs could generate the same hash.
bcrypt
- add a salt to protect against rainbow table attacks. It means the same input does not return the same hash
- default password hash for OpenBSD and some Linux distros
- cost is the computation power to give the hash. Higher the cost more time to generate it.
  - MinCost int = 4 // the minimum allowable cost as passed in to GenerateFromPassword
  - MaxCost int = 31 // the maximum allowable cost as passed in to GenerateFromPassword
  - DefaultCost int = 10 // the cost that will actually be set if a cost below MinCost is passed into GenerateFromPassword
- structure
```
    $2a$04$Ltd/XUCCAAA9tGZOcq9WaureRQm8wxTW4U7q.2BvzKwIc/KdBYnP6
    \__/\/ \__________________________________/\_______________/
    Alg Cost               Salt                        Hash
```

There is no documentation for this package.

Path	Synopsis
01-sha256
02-bcrypt