Documentation
Variables
    var DefaultParams = ArgonParams{
        Time:    1,
        Memory:  32_768,
        Threads: 4,
        KeyLen:  32,
        SaltLen: 16,
    }
DefaultParams is the configuration recommended for all environments. A custom configuration should be provided for a production deployment in order to harden the service for the hardware it is running on.
Functions
func GenerateRandHexString
func GetPasswordHash
func GetPasswordHash(password string, p ArgonParams) (string, error)
GetPasswordHash generates an encoded password hash using the argon2id hashing algorithm. The returned string takes the form
`$argon2id$v=<argon2 VERSION>$m=<MEMORY>,t=<TIME>,p=<THREADS>$<SALT>$<HASH>`
This encoding provides all of the information required to recompute a hash and validate a provided password.
func ValidatePassword
ValidatePassword determines if the provided plain-text password matches the encoded hash. Validity is determined by the first return parameter. An error will only be returned if the encoded hash is malformed, or the password cannot be hashed.
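The encoded form carries its own cost parameters, so a verifier should parse it strictly and bound those parameters before spending memory on a hash. The following is an added example, not this package's code: `ParseEncoded`, `NeedsRehash`, the ceilings `maxMemoryKiB` and `maxTime`, unpadded standard base64 for SALT and HASH, and accepting only `v=19` are all assumptions.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"strconv"
	"strings"
)

// ArgonParams mirrors the page's type so this added example compiles alone.
type ArgonParams struct {
	Time, Memory, KeyLen, SaltLen uint32
	Threads                       uint8
}
// Hypothetical ceilings: a stored string demanding more is refused unhashed.
const maxMemoryKiB, maxTime = 1 << 20, 16
var ErrMalformed = fmt.Errorf("malformed argon2id hash")

// ParseEncoded strictly decodes the page's encoded form (assumption: only v=19).
func ParseEncoded(s string) (p ArgonParams, salt, hash []byte, err error) {
	f := strings.Split(s, "$")
	if len(f) != 6 || f[0] != "" || f[1] != "argon2id" || f[2] != "v=19" || strings.Count(f[3], ",") != 2 {
		return p, nil, nil, ErrMalformed
	}
	kv, bad := strings.Split(f[3], ","), false
	num := func(field, key string, bits int) uint64 { // strict "<key><decimal>"
		v, e := strconv.ParseUint(strings.TrimPrefix(field, key), 10, bits)
		bad = bad || e != nil || !strings.HasPrefix(field, key)
		return v
	}
	p.Memory, p.Time, p.Threads = uint32(num(kv[0], "m=", 32)), uint32(num(kv[1], "t=", 32)), uint8(num(kv[2], "p=", 8))
	salt, e1 := base64.RawStdEncoding.DecodeString(f[4]) // assumed encoding
	hash, e2 := base64.RawStdEncoding.DecodeString(f[5]) // assumed encoding
	if bad || e1 != nil || e2 != nil || p.Time == 0 || p.Time > maxTime || p.Threads == 0 ||
		p.Memory < 8*uint32(p.Threads) || p.Memory > maxMemoryKiB || len(salt) == 0 || len(hash) < 4 {
		return ArgonParams{}, nil, nil, ErrMalformed
	}
	p.SaltLen, p.KeyLen = uint32(len(salt)), uint32(len(hash))
	return p, salt, hash, nil
}

// NeedsRehash reports whether a stored hash is weaker than the current policy.
func NeedsRehash(old, want ArgonParams) bool {
	return old.Memory < want.Memory || old.Time < want.Time || old.KeyLen < want.KeyLen || old.SaltLen < want.SaltLen
}

func main() { // constructed input: all-zero salt and hash, not a real digest
	p, _, _, err := ParseEncoded("$argon2id$v=19$m=16384,t=1,p=4$" + strings.Repeat("A", 22) + "$" + strings.Repeat("A", 43))
	fmt.Println(p, err, NeedsRehash(p, ArgonParams{Time: 1, Memory: 32_768, Threads: 4, KeyLen: 32, SaltLen: 16}))
}
```

A stored hash that parses but reports `NeedsRehash` as true can still be verified, then regenerated under the current parameters after a successful login.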
Types
type ArgonParams
    type ArgonParams struct {
        // Time is the max number of seconds that a hashing can afford to take. This parameter
        // can be used to tune the algorithm independent of memory constraints.
        Time uint32
        // Memory is the max amount of memory (in KiB) that can be used by the hashing algorithm.
        Memory uint32
        // Threads is the number of concurrent (but synchronizing) threads that can be
        // used to compute the hash.
        Threads uint8
        // KeyLen is the length (in bytes) of the final generated hash.
        KeyLen uint32
        // SaltLen is the length (in bytes) of the generated salt.
        SaltLen uint32
    }
ArgonParams holds the configuration used for generating argon2 password hashes. Argon2 configurations depend on the host system and must be tuned to balance hash speed against resource usage. For additional info, see section 4 of the Argon2 RFC (https://datatracker.ietf.org/doc/html/rfc9106).