README
¶
argonhasher
A simple wrapper to produce an argon2 key from a plaintext password
Documentation
¶
Index ¶
Examples ¶
Constants ¶
This section is empty.
Variables ¶
var (
ErrInputInvalid = fmt.Errorf("input arguments invalid")
)
Functions ¶
func Confirm ¶ added in v0.3.0
We will hash the provided strings using the arguments stored in the provided hash to compare against. this will allow us change the defaults and still compare against existing passwords.:
Example ¶
/*
the plain text password hashed in the Encode example
*/*/
pw := "c2BDNoW38DStXvzP"
/*
Check password attempts against a hash produced using the Encode example
*/*/
hashedPassword := "$argon2id$v=19$t=6,m=196609,p=5$1NTc5r54Kft32HOA/SWYvOjpt6XNTE1MkGoiOsNSwjR9YhoV8guCpIWezymtmcuCODN4PqW0fylGip6yy39o1g$HB2H5fRxY+ev52xWrjoW8w"
/*
Incorrect password should return error
*/*/
pwAttempt1 := "password"
valid := Confirm(pwAttempt1, hashedPassword)
if !valid {
fmt.Println("Mismatched Password")
}
/*
Incorrect password should return error
*/*/
pwAttempt2 := "123456"
valid = Confirm(pwAttempt2, hashedPassword)
if !valid {
fmt.Println("Mismatched Password")
}
/*
Correct password, should return nil error
*/*/
valid = Confirm(pw, hashedPassword)
if !valid {
fmt.Println("Mismatched Password")
}
fmt.Println("Password OK?:", valid)
Output: Mismatched Password Mismatched Password Password OK?: true
func Encode ¶
Encode creates an argon2 hash from a plaintext password. It encodes using hardcoded defaults, with the cost providing a multiplier to the resources required. A cost set to zero will provide a strong default option, and is recommended The function returns a standard format argon2 hash string if the hash completes without error, otherwise an empty string is returned.
Example ¶
/* the plain text password to hash with argon2 */*/ pw := "c2BDNoW38DStXvzP" /* the cost (difficulty) of the computation to produce the hash. if 0, the Encode function chooses a sensible, secure default */ */ var cost uint = 0 /* Produce the hash. Each hash generates a unique salt so no two hashes should be equal. The hash, salt, and encoding options are all stored in the string, */ */ hashedPassword1 := Encode(pw, cost) hashedPassword2 := Encode(pw, cost) fmt.Println(hashedPassword1 == hashedPassword2)
Output: false
Types ¶
type KDFconfig ¶
type KDFconfig struct {
/*
Salt is the base64 string used to salt our derived keys.
*/
Salt []byte
/*
SaltLength
length of random-generated salt
min 16 bytes recommended for password hashing)
*/
SaltLength uint
/*
Time (i.e. iterations) - t
number of iterations or pass throughs to perform
*/
Time uint32
/*
Memory - m
amount of memory (in kilobytes) to use
*/
Memory uint32
/*
Threads (parallelism) p: degree of parallelism (i.e. number of threads)
*/
Threads uint8
/*
KeyLen T: desired number of returned bytes
128 bit (16 bytes) sufficient for most applications
*/
KeyLen uint32
}
KDFconfig is the base struct for argonhasher, the Argon2id wrapper. It uses the standard library's argon2 IDKey function: func IDKey(password, salt []byte, time, memory uint32, threads uint8, keyLen uint32) []byte $argon2id$v=19$t=10,m=65536,p=8$SALT$HASH
Source Files