Documentation
¶
Index ¶
- Constants
- Variables
- func AB64Encode(src []byte) []byte
- func B64Encode(src []byte) []byte
- func Compare(phash, password string) bool
- func Hash(password string) string
- func Hash64Encode(src []byte) []byte
- func IsWeak(hash string) bool
- func NewHashString(hash, salt string) *phcString
- func Parse(phash string) (*phcString, error)
- type Algorithm
- type Argon2Hash
- type BCryptHash
- type BCryptSHA256Hash
- type Decoder
- type Dialect
- type Encoder
- type Hasher
- type Hashy
- type Options
- type PHPassHash
Constants ¶
const ( DialectPHC dialect = iota + 1 DialectCrypt DialectDjangoBCryptSHA256 DialectPHPass DialectPHPassBB3 )
Variables ¶
var AB64Encoding = base64.NewEncoding(AB64Table).WithPadding(base64.NoPadding)
var AB64Table = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789./"
var B64Encoding = base64.NewEncoding(B64Table).WithPadding(base64.NoPadding)
var B64Table = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
var BCryptEncoding = base64.NewEncoding(BCryptTable).WithPadding(base64.NoPadding)
var BCryptTable = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
var CryptEncoding = base64.NewEncoding(CryptTable).WithPadding(base64.NoPadding)
var CryptTable = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
var ErrConvertingParameterType = errors.NewError("unable to convert parameter type")
var ErrEmptyHash = errors.NewError("empty hash not allowed")
var ErrHashingPassword = errors.NewError("error hashing password")
var ErrInsufficientRandomBytes = errors.NewError("insufficient random bytes read")
var ErrParsingHash = errors.NewError("unable to parse hash")
var ErrPasswordEmpty = errors.NewError("empty passwords are not permitted")
var ErrPasswordSaltLength = errors.NewError("password salt length underrun")
var ErrReadingRandomBytes = errors.NewError("unable to read random bytes")
var Version string = "0.1.0"
Functions ¶
func AB64Encode ¶
AB64Encode is a passlib- (Python) compatible base64 implementation using the alternative AB64Table alphabet with "+" replaced by ".".
func B64Encode ¶
B64Encode is a passlib- (Python) compatible base64 implementation that does *not* write padding values to the end of the output.
func Compare ¶
Compare the given password to the provided password hash string. This will automatically deduce the type of hash and perform a comparison accordingly.
func Hash ¶
Hash the given password using library defaults. Out-of-the-box, this will use argon2id with a time parameter of 2, memory usage of 100KiB (64MiB is recommended), and NUMCPU threads. The lower memory value is selected for constrained environments.
If you require customization of the hashing algorthim(s), or its properties, please refer to New.
func Hash64Encode ¶
Hash64Encode encodes incoming bytes using the base64 crypt()-style encoding variant found in PHPass.
This differs somewhat from a direct one-to-one port of PHPass in that a) a length argument is not accepted and b) allocations are handled internally before being returned (rather than concatenated or appended).
func IsWeak ¶
IsWeak returns true if the specified hash is weak. Weak hashes are those that do not implement modern algorithms. Note that this does not (yet) examine parameters to determine if the hash is "weak."
This function can be used in conjunction with Compare() and Hash() when a weak hash is discovered. e.g., when migrating users from platforms that use weak hashes, once one is found, the password can be transparently re-hashed to a stronger algorithm.
func NewHashString ¶
func NewHashString(hash, salt string) *phcString
NewHashString returns a new PHC-formatted hash generator using the provided hash and salt.
Use this function to generate a new PHC object, attach values to it (e.g. via Add()), and export it as a string via the String() method.
Types ¶
type Algorithm ¶
type Algorithm int
const ( // Argon2id is the default algorithm used by hashy. Argon2id Algorithm = iota + 1 Argon2i BCrypt BCryptCompat // BCryptSHA256 provides Python passlib compatibility. Supports v1 // (SHA2-256) and v2 (HMAC-SHA2-256). BCryptSHA256 // PHPass compatibility, such as that found in common use via WordPress. // phpBB3 uses a non-standard (of a non-standard) hash ID that deviates from // PHPass ("H" rather than "P"). We treat both the same. PHPass SCrypt DjangoBCryptSHA256 )
type Argon2Hash ¶
type Argon2Hash struct {
// contains filtered or unexported fields
}
func NewArgon2IDHash ¶
func NewArgon2IDHash(options Options) *Argon2Hash
func NewArgon2IHash ¶
func NewArgon2IHash(options Options) *Argon2Hash
func (*Argon2Hash) Error ¶
func (h *Argon2Hash) Error() error
func (*Argon2Hash) Hash ¶
func (h *Argon2Hash) Hash(password string) (*phcString, error)
type BCryptHash ¶
type BCryptHash struct {
// contains filtered or unexported fields
}
func NewBCryptHash ¶
func NewBCryptHash(options Options) *BCryptHash
func (*BCryptHash) Error ¶
func (h *BCryptHash) Error() error
func (*BCryptHash) Hash ¶
func (h *BCryptHash) Hash(password string) (*phcString, error)
type BCryptSHA256Hash ¶
type BCryptSHA256Hash struct {
// contains filtered or unexported fields
}
func NewBCryptSHA256Hash ¶
func NewBCryptSHA256Hash(options Options) *BCryptSHA256Hash
func (*BCryptSHA256Hash) Compare ¶
func (h *BCryptSHA256Hash) Compare(phash, password string) (bool, error)
func (*BCryptSHA256Hash) Error ¶
func (h *BCryptSHA256Hash) Error() error
func (*BCryptSHA256Hash) Hash ¶
func (h *BCryptSHA256Hash) Hash(password string) (*phcString, error)
type Decoder ¶
func B64Decoder ¶
B64Decoder returns a custom Decoder utilizing the specified alphabet. The Decoder returned will accept a hash string as a byte array and return its decoded byte-level representation.
type Encoder ¶
func B64Encoder ¶
B64Encoder returns a custom Encoder utilizing the specified alphabet. The Encoder returned will accept a byte array and return its hash as a byte array.
func Hash64Encoder ¶
type Hasher ¶
type Hasher interface { // Compares the hash with the plain text password returning true if they // match. Compare(hash, password string) (bool, error) // Error returns the current error state, if any, of the hasher. Error() error // Hash the specified password returning an appropriately-encoded hash. If // an error occurs during the hashing process, this should return the string // "*" and client code should examine the output of Error(). Hash(string) (*phcString, error) }
type Hashy ¶
type Hashy struct { Hasher Hasher // contains filtered or unexported fields }
Hashy is the primary data type around which Hashy's public API is constructed. When configuring a new hash, with options, this is the type that is returned.
func (*Hashy) IsWeak ¶
IsWeak returns true if the specified hash is weak. Weak hashes are those that do not implement modern algorithms. Note that this does not (yet) examine parameters to determine if the hash is "weak."
This function can be used in conjunction with Compare() and Hash() when a weak hash is discovered. e.g., when migrating users from platforms that use weak hashes, once one is found, the password can be transparently re-hashed to a stronger algorithm.
type Options ¶
type Options struct { // SaltLength for hashes that support variable-length salts. Default values // are algorithm-dependent. SaltLength int // TimeCost for argon2. If unset this will default to 2. Recommended default // from upstream: 1 (when using 64MiB for MemoryCost). TimeCost int // MemoryCost for argon2. If unset this will default to 100*1024 (100KiB). // Recommended default from upstream: 64*1024*1024 (64MiB). MemoryCost int // Threads (CPU count) for argon2. If set to 0, this will use // runtime.NumCPU. Threads int // KeyLength for argon2. This controls the length of the generated hash. If // set to 0 this will default to 64. KeyLength int // CostFactor for bcrypt. If unset this will default to 12. CostFactor int // RoundCount for PHPass hashes. Defaults to 512 if unset. RoundCount int }
type PHPassHash ¶
type PHPassHash struct {
// contains filtered or unexported fields
}
func NewPHPassHash ¶
func NewPHPassHash(options Options) *PHPassHash
func (*PHPassHash) Error ¶
func (h *PHPassHash) Error() error
func (*PHPassHash) Hash ¶
func (h *PHPassHash) Hash(password string) (*phcString, error)