passwordHash

README

#passwordHash

An easy to use wrapper around https://godoc.org/golang.org/x/crypto/scrypt

Extracted from a bigger application so this can be used by others if it helps.

This wrapper sets sensible defaults for use with the scrypt package, it also generates a cryptographically secure pseudorandom number for a per password salt using crypto/rand.

#defaults

Name	Setting	Description
defaultByteLength	64	used salt and password hash length
defaultR	16	number of rounds
defaultN	16384	CPU / Memory cost, needs to be power of 2

#Usage

package main
import (
	"fmt"

	"github.com/richardbowden/passwordHash"
)

func main() {
	mypass := "mypassword"
	fmt.Println("Test password=", mypass)
	hashToStore, _ := passwordHash.HashWithDefaults(mypass, mypass)

	valid := passwordHash.Validate(mypass, mypass, hashToStore)

	fmt.Printf("Password is valid=%v\n", valid)

	fmt.Println("Testing invalid password=no against passowrd=mypassword")
	valid = passwordHash.Validate("no", hashToStore)
	fmt.Printf("Password is not valid=%v\n", valid)
}

Documentation

Index

• Constants
• func GenerateSalt(byteLength int) ([]byte, error)
• func Hash(p1 string, p2 string, r int, n int, saltByteLength int, keyByteLength int) (string, error)
• func HashWithDefaults(pw1 string, pw2 string) (string, error)
• func Validate(password string, hashPackage string) (bool, error)

Constants

const (
	// DefaultSaltByteLength is the default length (bytes) of a generated secure
	// random salt
	DefaultSaltByteLength = 64

	// DefaultKeyByteLength is the default length (bytes) of the hash that will be
	// generated
	DefaultKeyByteLength = 64

	// DefaultR is the number of rounds of hashing used to generated a hashed
	// password
	DefaultR = 16

	// DefaultN is a CPU/memory cost parameter which must be a power of two
	// greater than 1
	DefaultN = 16384
)

Functions

func GenerateSalt

func GenerateSalt(byteLength int) ([]byte, error)

GenerateSalt takes a byte size as an int, returns a secure random stirng to the size of byteSize.

See: https://golang.org/pkg/crypto/rand/

func Hash

func Hash(p1 string, p2 string, r int, n int, saltByteLength int, keyByteLength int) (string, error)

Hash hashes p1 (password) using r (rounds), n (costParam) and a securely generated salt (see GenerateSalt func).

p1 and p2 are compared using ConstantTimeCompare, if no match, err is returned.

A string in the following format is returned r:n:keyLength:salt:hashedPassword

See Validate func for password validation

func HashWithDefaults

func HashWithDefaults(pw1 string, pw2 string) (string, error)

HashWithDefaults is the same as Hash, but uses the default settings

default r (rounds) = 16 default N (cpu/ memory cost) = 16386 default h (hashByteSize) = 64 default s (saltByteSize) = 64

returns a string as: r:n:keyLength:salt:hashedPassword

func Validate

func Validate(password string, hashPackage string) (bool, error)

Validate compares password against stored hash. password is the password as a string, hashPackage is the string that has been generated by HashWithDefaults or Hash functions

returns true or false

NOTE: If this func returns any errors, calling func should log there was an error decoding said password, dont log the password but just a ref to the user in question and investigate accordingly