Documentation ¶
Overview ¶
scryptauth is a GO library for secure password handling using scrypt
It uses sha256_hmac(scrypt(user_password, salt), server_key) to protect against both dictionary attacks and DB leaks.
scryptauth additionally provides encode/decode routines using base64 to create strings for storing into a DB.
Copyright: Michael Gebetsroither 2012 (michael \x40 mgeb \x2e org)
License: BSD 2 clause
Index ¶
Examples ¶
Constants ¶
const ( // Key length and salt length are 32 bytes (256 bits) KeyLength = 32 // scrypt default parameters as used by New() DefaultR = 8 DefaultP = 1 )
Variables ¶
This section is empty.
Functions ¶
func DecodeBase64 ¶
DecodeBase64 parses "ctxID:base64(hash):base64(salt)"
Example ¶
Sample function to verify stored hash from DB
db_string := "17:3Tnrsg5-QaM7OsyRvqcBv9qS-jqGxzRIXQqvbTUf894=:HrHzQ4S016BffZ2TmwLRYYiIggfSmkwKdEtd1Pk_b-I=" contexts := make(map[uint]*Context) ctx, err := New(12, []byte("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA")) // PLEASE CHANGE THIS KEY FOR PRODUCTION USE if err != nil { fmt.Print(err) return } contexts[17] = ctx user_password := []byte("bar") ctxID, hash, salt, err := DecodeBase64(db_string) if err != nil { fmt.Print(err) return } ok, err := contexts[ctxID].Check(hash, user_password, salt) if !ok { fmt.Printf("Error wrong password for user (%s)", err) return } fmt.Print("ok")
Output: ok
func EncodeBase64 ¶
EncodeBase64 encodes into "ctxID:base64(hash):base64(salt)"
Example ¶
Sample Function to generate new password hash for storing in DB
hmac_key := []byte("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA") // PLEASE CHANGE THIS KEY FOR PRODUCTION USE pw_cost := uint(12) ctxID := uint(17) user_password := []byte("test123") ctx, err := New(pw_cost, hmac_key) if err != nil { fmt.Print(err) return } hash, salt, err := ctx.Gen(user_password) if err != nil { fmt.Print(err) return } str := EncodeBase64(ctxID, hash, salt) fmt.Print(str)
Output:
Types ¶
type Context ¶
type Context struct { HmacKey []byte // HMAC key used to secure scrypt hash PwCost uint // PwCost parameter used to calculate N parameter of scrypt (1<<PwCost == N) R int // r parameter of scrypt P int // p parameter of scrypt }
func New ¶
New creates a new Context struct. This is a convenience function to produce a context. You might as well produce the Context struct yourself.