scrypt

package
v0.0.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 14, 2019 License: MIT Imports: 11 Imported by: 0

Documentation

Index

Examples

Constants

This section is empty.

Variables

View Source
var DefaultParams = Params{N: 16384, R: 8, P: 1, SaltLen: 16, DKLen: aesKeyLength}

DefaultParams provides sensible default inputs into the scrypt function for interactive use (i.e. web applications). These defaults will consume approxmiately 16MB of memory (128 * r * N). The default key length is 256 bits.

View Source
var ErrInvalidHash = errors.New("scrypt: the provided hash is not in the correct format")

ErrInvalidHash is returned when failing to parse a provided scrypt hash and/or parameters.

View Source
var ErrInvalidParams = errors.New("scrypt: the parameters provided are invalid")

ErrInvalidParams is returned when the cost parameters (N, r, p), salt length or derived key length are invalid.

View Source
var ErrMismatchedHashAndPassword = errors.New("scrypt: the hashed password does not match the hash of the given password")

ErrMismatchedHashAndPassword is returned when a password (hashed) and given hash do not match.

Functions

func CompareHashAndPassword

func CompareHashAndPassword(hash []byte, password []byte) error

CompareHashAndPassword compares a derived key with the possible cleartext equivalent. The parameters used in the provided derived key are used. The comparison performed by this function is constant-time. It returns nil on success, and an error if the derived keys do not match.

func Key

func Key(password string, params Params) ([]byte, error)

Key derived key for e.g. AES-256 Key derives a key from the password, salt, and cost parameters returning

a byte slice of length keyLen that can be used as cryptographic key.

N is a CPU/memory cost parameter, which must be a power of two greater than 1.

r and p must satisfy r * p < 2³⁰. If the parameters do not satisfy the limits,

the function returns a nil byte slice and an error.

Password is passed by user Salt is a unique salt for the system this will be running on and doesn't change

Types

type Params

type Params struct {
	N       int    `json:"iterations"`               // CPU/memory cost parameter (logN)
	R       int    `json:"block_size"`               // block size parameter (octets)
	P       int    `json:"parallelism"`              // parallelisation parameter (positive int)
	SaltLen int    `json:"salt_bytes"`               // bytes to use as salt (octets)
	DKLen   int    `json:"derived_key_length"`       // length of the derived key (octets)
	Salt    []byte `json:"generated_or_stored_salt"` // generated or stored salt
	Dk      []byte `json:"derived_key"`              // derived key
}

Params store values for scrypt encryption

func Calibrate

func Calibrate(timeout time.Duration, memMiBytes int, params Params) (Params, error)

Calibrate returns the hardest parameters (not weaker than the given params), allowed by the given limits. The returned params will not use more memory than the given (MiB); will not take more time than the given timeout, but more than timeout/2.

The default timeout (when the timeout arg is zero) is 200ms.
The default memMiBytes (when memMiBytes is zero) is 16MiB.
The default parameters (when params == Params{}) is DefaultParams.
Example
p, err := Calibrate(1*time.Second, 128, Params{})
log.Println("Calibration: ", p)
if err != nil {
	panic(err)
}
salt := crypt.GenSalt(p.Salt, p.SaltLen)
p.Salt = salt
dk, err := Key("super-secret-password", p)
log.Printf("generated password is %q (%v)", dk, err)
/*
 Output:
 generated password is: IGNORE JUST HERE SO IT RUNS
*/
Output:

	 generated password is: IGNORE JUST HERE SO IT RUNS

func Cost

func Cost(hash []byte) (Params, error)

Cost returns the scrypt parameters used to generate the derived key. This allows a package user to increase the cost (in time & resources) used as computational performance increases over time.

func (*Params) Check

func (p *Params) Check() error

Check checks that the parameters are valid for input into the scrypt key derivation function.

func (*Params) String

func (p *Params) String() string

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL