passwords

package module

v0.0.0-...-7a030d3 Latest Latest Go to latest Published: Jul 31, 2022 License: BSD-3-Clause Imports: 0 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/hf/passwords

Links

Open Source Insights

README ¶

Go Passwords

A package of properly modified password hashing algorithms that cooperate with other Goroutines. Ideal for building web servers doing password hashing.

Please read Go and passwords for more information on why you should use this package instead of:

golang.org/x/crypto/argon2
golang.org/x/crypto/bcrypt
golang.org/x/crypto/scrypt
golang.org/x/crypto/pbkdf2

How to use

Instead of using golang.org/x/crypto use github.com/hf/passwords. You'll find argon2, bcrypt, scrypt, and pbkdf2 as supbackages.

These packages expose the same API as the native implementation, but also add WithContext methods which allow you to cancel / timeout password hashing.

Inside the metrics package you will find some useful metrics:

NumOutstanding() is the number of password hashing runs waiting in a queue.
DurationMovingAverage4() is a 4-point moving average of the duration of password hashing runs.
DurationQueue() gives you the duration likely needed to clear out the current queue of runs.

You can use these to implement better auto-scaling strategies, as well as give you the ability to reject new password hashing runs if the system is too full to handle them.

Security

Please reach out to me directly over email sdimitrovski@gmail.com. Note that the algorithms are as-implemented by the Go Authors, so be sure to also submit a report there.

License

See LICENSE for the full text. It's a BSD-style license.

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

passwords.go

Directories ¶

Path	Synopsis
argon2 Package argon2 implements the key derivation function Argon2.	Package argon2 implements the key derivation function Argon2.
bcrypt Package bcrypt implements Provos and Mazières's bcrypt adaptive hashing algorithm.	Package bcrypt implements Provos and Mazières's bcrypt adaptive hashing algorithm.
internal
metrics
pbkdf2 Package pbkdf2 implements the key derivation function PBKDF2 as defined in RFC 2898 / PKCS #5 v2.0.	Package pbkdf2 implements the key derivation function PBKDF2 as defined in RFC 2898 / PKCS #5 v2.0.
scrypt Package scrypt implements the scrypt key derivation function as defined in Colin Percival's paper "Stronger Key Derivation via Sequential Memory-Hard Functions" (https://www.tarsnap.com/scrypt/scrypt.pdf).	Package scrypt implements the scrypt key derivation function as defined in Colin Percival's paper "Stronger Key Derivation via Sequential Memory-Hard Functions" (https://www.tarsnap.com/scrypt/scrypt.pdf).

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL