argonhasher

package module
v0.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 28, 2021 License: GPL-3.0 Imports: 7 Imported by: 1

README

argonhasher

A simple wrapper to produce an argon2 key from a plaintext password

Documentation

Index

Examples

Constants

This section is empty.

Variables

View Source
var (
	ErrInputInvalid = fmt.Errorf("input arguments invalid")
)

Functions

func Confirm added in v0.3.0

func Confirm(password string, hash string) (valid bool)

We will hash the provided strings using the arguments stored in the provided hash to compare against. this will allow us change the defaults and still compare against existing passwords.:

Example
/*
	the plain text password hashed in the Encode example
*/
pw := "c2BDNoW38DStXvzP"

/*
	Check password attempts against a hash produced using the Encode example
*/
hashedPassword := "$argon2id$v=19$t=6,m=196609,p=5$1NTc5r54Kft32HOA/SWYvOjpt6XNTE1MkGoiOsNSwjR9YhoV8guCpIWezymtmcuCODN4PqW0fylGip6yy39o1g$HB2H5fRxY+ev52xWrjoW8w"

/*
	Incorrect password should return error
*/
pwAttempt1 := "password"
valid := Confirm(pwAttempt1, hashedPassword)
if !valid {
	fmt.Println("Mismatched Password")
}

/*
	Incorrect password should return error
*/
pwAttempt2 := "123456"
valid = Confirm(pwAttempt2, hashedPassword)
if !valid {
	fmt.Println("Mismatched Password")
}

/*
	Correct password, should return nil error
*/
valid = Confirm(pw, hashedPassword)
if !valid {
	fmt.Println("Mismatched Password")
}
fmt.Println("Password OK?:", valid)
Output:

Mismatched Password
Mismatched Password
Password OK?: true

func Encode

func Encode(pw string, cost uint) (hashWithConfig string)

Encode creates an argon2 hash from a plaintext password. It encodes using hardcoded defaults, with the cost providing a multiplier to the resources required. A cost set to zero will provide a strong default option, and is recommended The function returns a standard format argon2 hash string if the hash completes without error, otherwise an empty string is returned.

Example
/*
	the plain text password to hash with argon2
*/
pw := "c2BDNoW38DStXvzP"

/*
	the cost (difficulty) of the computation to produce the hash.
	if 0, the Encode function chooses a sensible, secure default
*/
var cost uint = 0

/*
	Produce the hash.  Each hash generates a unique salt so no two hashes should be equal.
	The hash, salt, and encoding options are all stored in the string,
*/
hashedPassword1 := Encode(pw, cost)
hashedPassword2 := Encode(pw, cost)
fmt.Println(hashedPassword1 == hashedPassword2)
Output:

false

func ValidHash added in v0.3.0

func ValidHash(h string) bool

Types

type KDFconfig

type KDFconfig struct {

	/*
		Salt is the base64 string used to salt our derived keys.
	*/
	Salt []byte

	/*
		SaltLength
		length of random-generated salt
		min 16 bytes recommended for password hashing)
	*/
	SaltLength uint

	/*
		Time (i.e. iterations) - t
		number of iterations or pass throughs to perform
	*/
	Time uint32

	/*
		Memory - m
		amount of memory (in kilobytes) to use
	*/
	Memory uint32

	/*
		Threads (parallelism) p: degree of parallelism (i.e. number of threads)
	*/
	Threads uint8

	/*
		KeyLen T: desired number of returned bytes
		128 bit (16 bytes) sufficient for most applications
	*/
	KeyLen uint32
}

KDFconfig is the base struct for argonhasher, the Argon2id wrapper. It uses the standard library's argon2 IDKey function: func IDKey(password, salt []byte, time, memory uint32, threads uint8, keyLen uint32) []byte $argon2id$v=19$t=10,m=65536,p=8$SALT$HASH

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL