Documentation ¶
Overview ¶
Package hashpass implements a hashed password generation scheme.
Algorithm ¶
Passwords are generated by computing an HMAC/SHA256 value of a site name and salt string, using a user-provided secret passphrase. The bytes of the resulting hash are decomposed to choose characters from an alphabet string with uniform probability.
The input to the HMAC is formed by concatenating:
<site-name> [ "/" <salt> ]
The site name is typically part of the URL for a web site, e.g., "irs.gov". The salt is optional and may be provided to change the password, or to generate multiple passwords for a single site.
When a password is requested that exceeds the length in bytes of the HMAC output, the HMAC is repeated using the same input but with a byte index added as a counter.
Constants ¶
const (
	// Uppercase is an alphabet of the uppercase ASCII letters.
	Uppercase = Alphabet("ABCDEFGHIJKLMNOPQRSTUVWXYZ")

	// Lowercase is an alphabet of the lowercase ASCII letters.
	Lowercase = Alphabet("abcdefghijklmnopqrstuvwxyz")

	// Letters is an alphabet of the ASCII letters.
	Letters = Uppercase + Lowercase

	// Digits is an alphabet comprising the ASCII decimal digits.
	Digits = Alphabet("0123456789")

	// Puncts is an alphabet consisting of various ASCII punctuation.
	Puncts = Alphabet("!@#$%^&*-_=+,.:/?")

	// NoPunct is an alphabet comprising Letters and Digits.
	NoPunct = Letters + Digits

	// All is an alphabet comprising Letters, Digits, and Puncts.
	All = Letters + Digits + Puncts
)
Types ¶
type Alphabet ¶
type Alphabet string
An Alphabet is a string of printable characters used to convert hash bytes into a printable password. Order is significant.
func (Alphabet) Get ¶
func (a Alphabet) Get() interface{}
Get implements the flag.Getter interface. The concrete value is a string.
func (Alphabet) Pick ¶
Pick chooses a display byte for the given hash byte based on the alphabet. The choice is made by scaling the byte value to the length of the alphabet, solving for x in b/256 = x/len(a).
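The derivation from the Algorithm section and the scaling rule in Pick, as an added Go sketch written from this page's description. It is not the hashpass package's own code: the names pick, derive and bucketSizes are illustrative, the secret is constructed, and it stops at one HMAC output (32 characters) because the page does not specify how the counter is encoded.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// pick scales a hash byte onto the alphabet: x = b * len(a) / 256.
func pick(alphabet string, b byte) byte {
	return alphabet[int(b)*len(alphabet)/256]
}

// derive maps the first n bytes of HMAC-SHA256(secret, site ["/" salt]) onto the alphabet.
func derive(alphabet, site, salt, secret string, n int) (string, error) {
	if alphabet == "" || n < 0 || n > sha256.Size { // assumption: one HMAC output only
		return "", fmt.Errorf("need a non-empty alphabet and 0 <= n <= %d", sha256.Size)
	}
	input := site
	if salt != "" {
		input += "/" + salt
	}
	mac := hmac.New(sha256.New, []byte(secret))
	mac.Write([]byte(input))
	sum := mac.Sum(nil)[:n]
	for i, b := range sum {
		sum[i] = pick(alphabet, b)
	}
	return string(sum), nil
}

// bucketSizes maps "byte values per character" to how many characters get that share.
func bucketSizes(alphabet string) map[int]int {
	counts := make([]int, len(alphabet)) // alphabet must be non-empty
	for b := 0; b < 256; b++ {
		counts[b*len(alphabet)/256]++
	}
	sizes := map[int]int{}
	for _, c := range counts {
		sizes[c]++
	}
	return sizes
}

func main() {
	const noPunct = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
	pw, err := derive(noPunct, "irs.gov", "", "constructed passphrase", 16)
	fmt.Println(pw, err, bucketSizes(noPunct), bucketSizes("0123456789abcdef"))
}
```

For the 62-character NoPunct alphabet, 54 characters receive 4 of the 256 byte values and 8 receive 5, so the scaling is exactly even only when the alphabet length divides 256, as with a 16-character alphabet.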
type Context ¶
type Context struct {
	Alphabet // The alphabet from which passwords are drawn

	Site   string // The site name or label (required)
	Salt   string // A non-secret salt mixed in to the HMAC (optional)
	Secret string // The user's secret password (required)
}
A Context contains the information needed to generate a password given the name of a site.
func (Context) Entropy ¶
Entropy returns an estimate of the bits of entropy for a password of the given length generated with the current settings. The result may be zero.
func (Context) Format ¶
Format returns a password based on a template that describes the desired output string.
The format string specifies the format of the resulting password: Each character of the format chooses a single character of the password.
A hash mark ("#") in the format is a wildcard for a decimal digit. An asterisk ("*") is a wildcard for a letter of either case. A caret ("^") is a wildcard for an uppercase letter. An underscore ("_") is a wildcard for a lowercase letter. A question mark ("?") is a wildcard for any punctuation character. A tilde ("~") is a wildcard for any non-punctuation character. All other characters are copied literally to the output.