password

package module

v0.0.0-...-f76e6ef Latest Latest Go to latest Published: Mar 6, 2019 License: MIT Imports: 7 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/cedrikkaufmann/go-password

Links

Open Source Insights

README ¶

Go-Password

This package is used to simply hash a password using the argon2i or argon2id implementation. Despite this, the package is able to encode/decode a given hash, salt and params to a base64 string.

Argon2 implementation

This package uses the default golang.org/x/crypto/argon2 package.

Usage

To generate a new hash of a password just use func HashArgon2(password string, p *Argon2Params) ([]byte, []byte, error),whereas the first returned byte array is the actual hash and the second one the salt.

If you want to use your own salt just use func HashArgon2Raw(clear []byte, salt []byte, p *Argon2Params) ([]byte, error).

To encode a a given hash and salt use func EncodeArgon2(hash []byte, salt []byte, p *Argon2Params) (string, error) and for decoding func DecodeArgon2(enc string) ([]byte, []byte, *Argon2Params, error).

The package also provides a verification mechanism to verfiy an encoded hash against a given passwort, to do so use func VerifyArgon2(password string, encodedHash string) (bool, error)

For params please have a look at the argon2 documentation and use the following struct.

type Argon2Params struct {
	Algorithm  Argon2Algorithm
	SaltLength uint32
	KeyLength  uint32
	Time       uint32
	Memory     uint32
	Threads    uint8
}

Example

In this two examples, we provide a brief overview of how to use this package, to first create a new hash of a given passwort and in the second one we will show you how to verify a password.

Generate new hash:

user := "john@example.com"
passwort := "some_password_eg_from_webform"

params := &password.Argon2Params{
    Algorithm: password.AlgorithmArgon2id,
    SaltLength: 16,
    KeyLength: 32,
    Time: 3,
    Memory: 64*1024,
    Threads: 4,
}

hash, salt, err := password.HashArgon2(password, params)

if err != nil {
    panic(err)
}

enc, err := password.EncodeArgon2(hash, salt, params)

if err != nil {
    panic(err)
}

db.SaveHash(user, enc) // This is not part of the package, just an example usage of the encoded hash, for future authentication

Authenticate a user's password:

user := "john@example.com"
password := "some_password_eg_from_webform"

userHash := db.GetHash(user)

passwordValid, err := password.VerifyArgon2(password, userHash)

if err != nil {
    panic(err)
}

if !passwordValid {
    // auth failed
    return
}

// auth pass

License

MIT licensed 2019 Cedrik Kaufmann. See the LICENSE file for further details.

Documentation ¶

Index ¶

Variables
func EncodeArgon2(hash []byte, salt []byte, p *Argon2Params) (string, error)
func HashArgon2(password string, p *Argon2Params) ([]byte, []byte, error)
func HashArgon2Raw(clear []byte, salt []byte, p *Argon2Params) ([]byte, error)
func SecureSalt(length uint32) ([]byte, error)
func VerifyArgon2(password string, encodedHash string) (bool, error)
type Argon2Algorithm
type Argon2Params
- func DecodeArgon2(enc string) ([]byte, []byte, *Argon2Params, error)

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	ErrUnknownAlgorithm = errors.New("unknown/unsupported hashing algorithm")
	ErrVersionMismatch  = errors.New("algorithm version mismatch")
	ErrEncodingFormat   = errors.New("wrong encoding format")
)

Functions ¶

func EncodeArgon2 ¶

func EncodeArgon2(hash []byte, salt []byte, p *Argon2Params) (string, error)

EncodeArgon2 encodes a given Argon2 hash and salt returns encoded hash or error

func HashArgon2 ¶

func HashArgon2(password string, p *Argon2Params) ([]byte, []byte, error)

HashArgon2 hashes a password using the Argon2 implementation returns the hashed key and salt or error

func HashArgon2Raw ¶

func HashArgon2Raw(clear []byte, salt []byte, p *Argon2Params) ([]byte, error)

HashArgon2Raw generates a hash using the specified salt and params using argon2

This function doesn't generate its own secure salt

returns hash or error

func SecureSalt ¶

func SecureSalt(length uint32) ([]byte, error)

SecureSalt generates a secure salt with given length using crypto/rand package returns salt or error

func VerifyArgon2 ¶

func VerifyArgon2(password string, encodedHash string) (bool, error)

VerifyArgon2 verifies a password and an encoded argon2 hash using the Argon2 implementation returns boolean or error

Types ¶

type Argon2Algorithm ¶

type Argon2Algorithm uint8

Argon2Algorithm represents the algorithm enum type

const (
	AlgorithmArgon2id Argon2Algorithm = iota
	AlgorithmArgon2i
)

Algorithm enum const for choosing either argon2i or argon2id implementation for password hashing

type Argon2Params ¶

type Argon2Params struct {
	Algorithm  Argon2Algorithm
	SaltLength uint32
	KeyLength  uint32
	Time       uint32
	Memory     uint32
	Threads    uint8
	// contains filtered or unexported fields
}

Argon2Params setting struct This is used to set the used argon2 params which will be used during key derivation process

func DecodeArgon2 ¶

func DecodeArgon2(enc string) ([]byte, []byte, *Argon2Params, error)

DecodeArgon2 decodes a given Argon2 bas64 string returns decoded hash, salt and params or error

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL