Documentation ¶
Overview ¶
Package argonpass provides passphrase hashing and hash verification using the Argon2 password hashing method.
The default Argon2 function is ```Argon2id```, which is a hybrid version of Argon2 combining Argon2i and Argon2d. Argon2id is side-channel resistant and provides better brute- force cost savings due to time-memory tradeoffs than Argon2i, but Argon2i is still plenty secure.
The string input/output format was designed to be compatible with [Passlib for Python](https://passlib.readthedocs.io/en/stable/lib/passlib.hash.argon2.html) and [Argon2 PHP](https://wiki.php.net/rfc/argon2_password_hash), and you should have full compatibility using the ```argon2i``` function, but will not be able to use ```argon2id```, which is the default for this package until those libraries are updated to support it. I encourage you to find the parameters that work best for your application, but the defaults are resonable for an interactive use such as a web application login.
Index ¶
Constants ¶
This section is empty.
Variables ¶
var ( // ErrCustomParameters indicates the parameters passed to hash function are invalid. // see minimum constants in password.go ErrCustomParameters = errors.New("Parameters passed to hash are invalid") // ErrPassphraseInputTooShort indicates the passphrase was less than 8 characters ErrPassphraseInputTooShort = errors.New("Passphrase Input too short, must be >= 8 characters") // ErrVersion indicates the version could not be found in hash string or version of hash is // greater than current package version and is incompatible ErrVersion = errors.New("Unable to parse version or incorrect version") // ErrFunctionMismatch indicates the function does not match a supported Argon2 function of 'i' or 'id' ErrFunctionMismatch = errors.New("Function of hash is invalid, must be 'argon2i' or 'argon2id'") // ErrDecodingSalt indicates there was an issue converting the expected base64 salt to bytes ErrDecodingSalt = errors.New("Unable to decode salt base64 to byte") // ErrDecodingDigest indicates there was an issue converting the expected base64 hash digest to bytes ErrDecodingDigest = errors.New("Unable to decode passhash digest base64 to byte") // ErrParseTime indicates there was an issue parsing the time parameter from the hash // input string, possibly was not expected integer value ErrParseTime = errors.New("Unable to parse time parameter") // ErrParseMemory indicates there was an issue parsing the memory parameter from the hash // input string, possibly was not expected integer value ErrParseMemory = errors.New("Unable to parse memory parameter") // ErrParseParallelism indicates there was an issue parsing the parallelism parameter from the hash // input string, possibly was not expected integer value ErrParseParallelism = errors.New("Unable to parse parallelism/threads parameter") // ErrHashMismatch indicates the Argon2 digest regenerated using the hash input string salt // and user password input did not produce a matching value. Passphrase input does not match // hash string input. ErrHashMismatch = errors.New("Unable to verify passphrase input with given hash value") // ErrInvalidHashFormat indicates the hash string input does not match specified format, // example: '$argon2{function(i/id)}$v={version}$m={memory},t={time},p={parallelism}${salt(base64)}${digest(base64)}' ErrInvalidHashFormat = errors.New("Invalid hash input string format") )
Functions ¶
func Benchmark ¶
func Benchmark(params ArgonParams) (elapsed float64, err error)
Benchmark takes ArgonParams and returns the number of seconds elapsed as a float64 and error
Types ¶
type ArgonParams ¶
type ArgonParams struct { Time uint32 Memory uint32 Parallelism uint8 OutputSize uint32 Function string SaltSize uint8 }
ArgonParams control how the Argon2 function creates the digest output
func GetParams ¶
func GetParams(hash string) (hashParams ArgonParams, err error)
GetParams takes hash sting as input and returns parameters as ArgonParams along with error