kdf

package
v0.24.2-rc3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 13, 2023 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	// Argon2MaxMemory indicates the maximum amount of memory that Argon2 KDFs
	// can support. It defines the maximum value for the parameter m.  The
	// current value is set to 16GB.
	Argon2MaxMemory = 16 * 1048576

	// Argon2MaxParallelism is the maximum number of threads used. It's the
	// maximum value for the parameter p.
	Argon2MaxParallelism = 32

	// Argon2MaxIterations is the maximum number of iterations to run. It's the
	// maximum value for the parameter t.
	Argon2MaxIterations = 128
)
View Source
var (
	// ScryptMaxCost the maximum value for ln. Maximum is set to avoid
	// panics due to not enough memory errors. Memory used is ~4*32*(2^ln)*r
	// bytes.
	ScryptMaxCost = 20
	// ScryptMaxBlockSize is the maximum value for r. The maximum is set to
	// avoid panics due to not enough memory errors. Memory used is
	// ~4*32*(2^ln)*r bytes.
	ScryptMaxBlockSize = 32
	// ScryptMaxParallelism is the maximum value for p.
	ScryptMaxParallelism = 32
)

Functions

func Argon2i

func Argon2i(password []byte) (string, error)

Argon2i uses Argon2i variant to derive the given password. Returns the hash using the PHC string format.

Argon2i is optimized to resist side-channel attacks.

func Argon2id

func Argon2id(password []byte) (string, error)

Argon2id uses Argon2id variant to derive the given password. Returns the hash using the PHC string format.

Argon2id is an hybrid version of Argon2d, that maximizes resistance to GPU attacks and Argon2i that is optimized to resist side-channel attacks. The Internet draft (https://tools.ietf.org/html/draft-irtf-cfrg-argon2-03) recommends using Argon2id.

func Bcrypt

func Bcrypt(password []byte) (string, error)

Bcrypt uses bcrypt to derive the given password. Returns the hash using the Modular Crypt Format standard for bcrypt implementations.

func Compare

func Compare(password, phc []byte) (bool, error)

Compare compares the password with the given PHC encoded hash, returns true if they match. The time taken is a function of the length of the slices and is independent of the contents.

func CompareString

func CompareString(password, phc string) (bool, error)

CompareString compares the given password with the given PHC encoded hash, returns true if they match. The time taken is a function of the length of the slices and is independent of the contents.

func Scrypt

func Scrypt(password []byte) (string, error)

Scrypt uses scrypt-32768 to derive the given password. Returns the hash using the PHC string format.

Types

type KDF

type KDF func(password []byte) (string, error)

KDF is the type that all the key derivation functions implements. The current methods uses safe default values, but future improvements can add functional options to be able to use custom settings.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL