password

Documentation

Overview

Password tries to minimize the attack surface of a password by minimizing the time window of a password being valid. It uses derived keys from a hash/salted password value without using the original plain combination ever for authorization.

This enables the web use with basic auth by reducing the downsides that remain over TLS communication.

Index

• type Compute
• type Password
  • func Create(pass, salt []byte) *Password
  • func Import(hash []byte, derivation Compute, data any) (*Password, error)
  • func (p *Password) Data(data any)
  • func (p *Password) Derivation(compute Compute)
  • func (p *Password) Export() []byte
  • func (p *Password) Now(compute Compute) (Token, error)
  • func (p *Password) String() string
  • func (p *Password) Token() Token
• type Token
  • func (t Token) String() string

Examples

• Create
• Import
• Password.Export
• Password.Token

Types

type Compute

type Compute func(hash []byte, data any) (Token, error)

type Password

type Password struct {
	// contains filtered or unexported fields
}

func Create

func Create(pass, salt []byte) *Password

New takes a password and an optional salt to return a hashed and optionally salted Password.

Example

package main

import (
	"fmt"
	"log"

	"catinello.eu/password"
)

var (
	pass = []byte{100, 101, 102, 103, 104}
	salt = []byte{0, 1, 2, 3, 4}
	hash = "I)08P<rQ/Qfz434</2WVc4h%<n9n%.0o[o/vuPGF"
)

func main() {
	p := password.Create(pass, salt)
	if p.String() != hash {
		log.Fatal("Create() failed to produce the expected hash value.")
	}

	fmt.Println(p)
}

Output:

I)08P<rQ/Qfz434</2WVc4h%<n9n%.0o[o/vuPGF

func Import

func Import(hash []byte, derivation Compute, data any) (*Password, error)

Import takes any byte slice value bigger than 32 bytes and an alternative derivation function.

Example

package main

import (
	"fmt"
	"log"

	"catinello.eu/password"
)

var (
	hash = "I)08P<rQ/Qfz434</2WVc4h%<n9n%.0o[o/vuPGF"
	p    *password.Password
)

func main() {
	b := p.Export()

	n, err := password.Import(b, nil, nil)
	if err != nil {
		log.Fatal(err)
	}

	if n.String() != hash {
		log.Fatal("Import() failed to produce the expected hash value.")
	}

	fmt.Println(n)
}

Output:

I)08P<rQ/Qfz434</2WVc4h%<n9n%.0o[o/vuPGF

func (*Password) Data

func (p *Password) Data(data any)

Data allows you to pass external data to compute a Token.

func (*Password) Derivation

func (p *Password) Derivation(compute Compute)

Derivation allows you to set your custom derivation function to compute a Token.

func (*Password) Export

func (p *Password) Export() []byte

Export return the hash and salt of Password.

Example

package main

import (
	"fmt"
	"log"

	"catinello.eu/password"
)

var p *password.Password

func main() {
	b := p.Export()
	if len(b) != 32 {
		log.Fatal("Export() is expected to export a 32 bytes slice.")
	}

	fmt.Println(len(b))
}

Output:

32

func (*Password) Now

func (p *Password) Now(compute Compute) (Token, error)

Now returns the present Token derived from Password using your given Compute function.

func (*Password) String

func (p *Password) String() string

String returns a base91 encoded string value of Password hash.

func (*Password) Token

func (p *Password) Token() Token

Token returns the present Token variant of Password using the derivation Compute function.

Example

package main

import (
	"bytes"
	"fmt"
	"log"

	"catinello.eu/password"
)

var p *password.Password

func main() {
	b := p.Export()

	n, err := password.Import(b, nil, nil)
	if err != nil {
		log.Fatal(err)
	}

	if bytes.Compare(p.Token(), n.Token()) != 0 {
		log.Fatal("Tokens failed to produce the same Token.")
	}

	fmt.Println(bytes.Compare(p.Token(), n.Token()))
}

Output:

0

type Token

type Token []byte

func (Token) String

func (t Token) String() string

String returns a base91 encoded string value of the Token.