README
¶
argon2id - A utility for hashing passwords using argon2id
This library provides some additional functionality around golang.org/x/crypto/argon2 in order to provide a mechanism for serializing the hashed password with its salt and inputs and then a method for comparing a password against this serialized hash.
Getting Started
$ go get -u github.com/synacor/argon2id
Usage
// using sane defaults
hashedPassword, err := argon2id.DefaultHashPassword(password)
// $argon2id19$1,65536,4$366MYd8GMqu7TA1pkpzivA$CpSlS4AFCi9byh6RYPzzSMBF4ZPyKSYfT7ITzPQYLjE
// using custom input parameters
hashedPassword, err := argon2id.HashPassword(password, 1, 64*1024, 4, 32)
...
err := argon2id.Compare(hashedPassword, password)
if err == nil {
// passwords match
} else {
// passwords do not match
}
Command Line Tool
There's also a command line tool that can be installed:
$ go install github.com/synacor/argon2id/...
Then you can run it to generate hashes and compare hashes.
$ argon2id # user is prompted for password
# Password:<input password>
# $argon2id19$1,65536,4$5Z9wtvqXV8lL8J4YNSbmmQ$kn6Q3RZzopEcI1BreQHcVu8Jbc+Ob8XIgHEEnpieixY
$ argon2id -c '$argon2id19$1,65536,4$5Z9wtvqXV8lL8J4YNSbmmQ$kn6Q3RZzopEcI1BreQHcVu8Jbc+Ob8XIgHEEnpieixY'
# Password:<input password>
# OK - password matches hashed password
$ argon2id -c '$argon2id19$1,65536,4$5Z9wtvqXV8lL8J4YNSbmmQ$kn6Q3RZzopEcI1BreQHcVu8Jbc+Ob8XIgHEEnpieixY'
# Password:<input bad password>
# synacor/argon2id: hashedPassword is not the hash of the given password
For more information, see the help
$ argon2id -h
Documentation
¶
Overview ¶
Package argon2id provides some helper functions around hashing and comparing password hashes using Argon2id.
Index ¶
Constants ¶
This section is empty.
Variables ¶
var ErrInvalidArgon2Version = fmt.Errorf("synacor/argon2id: argon2 version is not %d", argon2.Version)
ErrInvalidArgon2Version is an error when the version in the hashed password does not match the version supplied by the golang.org/x/crypto/argon2 library
var ErrInvalidComplexity = errors.New("synacor/argon2id: the hashed password has invalid complexity values")
ErrInvalidComplexity is an error when a complexity value (time, memory, threads) is too large
var ErrInvalidHash = errors.New("synacor/argon2id: the hashed password is not a valid hash")
ErrInvalidHash is an error when the hashed password does not match the proper pattern
var ErrMismatchedHashAndPassword = errors.New("synacor/argon2id: hashedPassword is not the hash of the given password")
ErrMismatchedHashAndPassword is an error when the password does not hash to the hashedPassword value
Functions ¶
func Compare ¶
Compare will compare the hashedPassword with the supplied password. If unsuccessful, an error will be returned. On success, error is nil.
func DefaultHashPassword ¶
DefaultHashPassword is a convenience function that calls HashPassword() with default values
func HashPassword ¶
func HashPassword(password string, time, memory uint32, threads uint8, keyLen uint32) (string, error)
HashPassword will hash the password. If time, memory, threads or keyLen is "0", then a sane default will be used.
func IsHashedPassword ¶
IsHashedPassword will return true if hashedPassword is a proper password hashed by this library
Types ¶
This section is empty.
Source Files
Directories