Documentation
¶
Index ¶
Examples ¶
Constants ¶
This section is empty.
Variables ¶
var DefaultParams = Params{N: 16384, R: 8, P: 1, SaltLen: 16, DKLen: aesKeyLength}
DefaultParams provides sensible default inputs into the scrypt function for interactive use (i.e. web applications). These defaults will consume approxmiately 16MB of memory (128 * r * N). The default key length is 256 bits.
var ErrInvalidHash = errors.New("scrypt: the provided hash is not in the correct format")
ErrInvalidHash is returned when failing to parse a provided scrypt hash and/or parameters.
var ErrInvalidParams = errors.New("scrypt: the parameters provided are invalid")
ErrInvalidParams is returned when the cost parameters (N, r, p), salt length or derived key length are invalid.
var ErrMismatchedHashAndPassword = errors.New("scrypt: the hashed password does not match the hash of the given password")
ErrMismatchedHashAndPassword is returned when a password (hashed) and given hash do not match.
Functions ¶
func CompareHashAndPassword ¶
CompareHashAndPassword compares a derived key with the possible cleartext equivalent. The parameters used in the provided derived key are used. The comparison performed by this function is constant-time. It returns nil on success, and an error if the derived keys do not match.
func Key ¶
Key derived key for e.g. AES-256 Key derives a key from the password, salt, and cost parameters returning
a byte slice of length keyLen that can be used as cryptographic key.
N is a CPU/memory cost parameter, which must be a power of two greater than 1.
r and p must satisfy r * p < 2³⁰. If the parameters do not satisfy the limits,
the function returns a nil byte slice and an error.
Password is passed by user Salt is a unique salt for the system this will be running on and doesn't change
Types ¶
type Params ¶
type Params struct {
N int `json:"iterations"` // CPU/memory cost parameter (logN)
R int `json:"block_size"` // block size parameter (octets)
P int `json:"parallelism"` // parallelisation parameter (positive int)
SaltLen int `json:"salt_bytes"` // bytes to use as salt (octets)
DKLen int `json:"derived_key_length"` // length of the derived key (octets)
Salt []byte `json:"generated_or_stored_salt"` // generated or stored salt
Dk []byte `json:"derived_key"` // derived key
}
Params store values for scrypt encryption
func Calibrate ¶
Calibrate returns the hardest parameters (not weaker than the given params), allowed by the given limits. The returned params will not use more memory than the given (MiB); will not take more time than the given timeout, but more than timeout/2.
The default timeout (when the timeout arg is zero) is 200ms.
The default memMiBytes (when memMiBytes is zero) is 16MiB.
The default parameters (when params == Params{}) is DefaultParams.
Example ¶
p, err := Calibrate(1*time.Second, 128, Params{})
log.Println("Calibration: ", p)
if err != nil {
panic(err)
}
salt := crypt.GenSalt(p.Salt, p.SaltLen)
p.Salt = salt
dk, err := Key("super-secret-password", p)
log.Printf("generated password is %q (%v)", dk, err)
/*
Output:
generated password is: IGNORE JUST HERE SO IT RUNS
*/
Output: generated password is: IGNORE JUST HERE SO IT RUNS
func Cost ¶
Cost returns the scrypt parameters used to generate the derived key. This allows a package user to increase the cost (in time & resources) used as computational performance increases over time.
Source Files