README
¶
Argon2Idhash Wrapper
What is it?
Easy to use wrapper around the Argon2id hashing algorithm to allow easy hashing and verification. Salts are automatically generated and encoded into the hash. Optionally, a global pepper can be used along with the salt for further security.
Basic Usage
Generate the hash bytes for a string:
package main
import (
"fmt"
"github.com/ymiseddy/go_tools/idhash"
)
func main() {
password := "Secret password"
hashed := idhash.DefaultArgon2Id.GenerateHashBytes(password)
fmt.Printf("Hashed: %x\n", hashed)
verified := idhash.DefaultArgon2Id.Verify([]byte(password), hashed)
if verified {
fmt.Println("Passwords match.")
} else {
fmt.Println("Passwords do not match.")
}
}
Base64 encoded hash
Using convenience functions automatically convert to and from base64:
password := "Secret password"
hashed, err := idhash.DefaultArgon2Id.GenerateHashBase64(password)
if err != nil {
panic(err)
}
fmt.Printf("Hashed: %s\n", hashed)
verified, err := idhash.DefaultArgon2Id.VerifyBase64(password, hashed)
if err != nil {
panic(err)
}
if verified {
fmt.Println("Passwords match.")
} else {
fmt.Println("Passwords do not match.")
}
Using Pepper
An example of using a pepper when generating the hash by creating a copy of the default argon2id struct:
password := "Secret password"
hashgenerator := idhash.DefaultArgon2Id
hashgenerator.Pepper = []byte{23, 21, 24, 17, 19, 21, 22, 27}
hashed, err := hashgenerator.GenerateHashBase64(password)
if err != nil {
panic(err)
}
fmt.Printf("Hashed: %s\n", hashed)
verified, err := hashgenerator.VerifyBase64(password, hashed)
if err != nil {
panic(err)
}
if verified {
fmt.Println("Passwords match.")
} else {
fmt.Println("Passwords do not match.")
}
Documentation
¶
Overview ¶
Security related tools.
Index ¶
- Variables
- func GenerateSecureRandom(length uint32) []byte
- type Argon2IdHashGenerator
- func (i Argon2IdHashGenerator) GenerateHashBase64(target string) (string, error)
- func (i Argon2IdHashGenerator) GenerateHashBytes(target string) []byte
- func (i Argon2IdHashGenerator) GenerateHashWithSalt(targetBytes []byte, saltBytes []byte) []byte
- func (i Argon2IdHashGenerator) GenerateKeyFromBytes(targetBytes []byte, length uint32, saltBytes []byte) []byte
- func (i Argon2IdHashGenerator) Verify(target []byte, hashed []byte) bool
- func (i Argon2IdHashGenerator) VerifyBase64(target string, base64Hash string) (bool, error)
- type HashGenerator
Constants ¶
This section is empty.
Variables ¶
var DefaultArgon2Id = Argon2IdHashGenerator{ Memory: 64 * 1024, Iterations: 3, Parallelism: 2, SaltLength: 16, Keylength: 32, Pepper: nil, }
An Argon2IdHashGenerator with default settings which can be used as is.
Functions ¶
func GenerateSecureRandom ¶
Utility to generate a secure random bytes.
Types ¶
type Argon2IdHashGenerator ¶
type Argon2IdHashGenerator struct {
// Amount of memory to use
Memory uint32
// Number of argon2id iterations
Iterations uint32
// Amount of threads or parallelism.
Parallelism uint8
// Length of the salt.
SaltLength uint32
// Length of the resulting key.
Keylength uint32
// If set, this value is appended to the password/target before hashing.
Pepper []byte
}
Use to generate hashes using argon2id.
func (Argon2IdHashGenerator) GenerateHashBase64 ¶
func (i Argon2IdHashGenerator) GenerateHashBase64(target string) (string, error)
Generates the hash of a string and returns the base64 encoded hash.
func (Argon2IdHashGenerator) GenerateHashBytes ¶
func (i Argon2IdHashGenerator) GenerateHashBytes(target string) []byte
Generates a hash of the specified string.
func (Argon2IdHashGenerator) GenerateHashWithSalt ¶
func (i Argon2IdHashGenerator) GenerateHashWithSalt(targetBytes []byte, saltBytes []byte) []byte
Genrate bytes with the specified salt. The salt is the first n bytes of the returned value
func (Argon2IdHashGenerator) GenerateKeyFromBytes ¶
func (i Argon2IdHashGenerator) GenerateKeyFromBytes(targetBytes []byte, length uint32, saltBytes []byte) []byte
Generates the raw hash without including the salt in the output bytes.
func (Argon2IdHashGenerator) Verify ¶
func (i Argon2IdHashGenerator) Verify(target []byte, hashed []byte) bool
Verifies the specified target bytes against the hash.
func (Argon2IdHashGenerator) VerifyBase64 ¶
func (i Argon2IdHashGenerator) VerifyBase64(target string, base64Hash string) (bool, error)
Verifies the specified target against a hash encoded in base64.
Source Files