Documentation
Types
type HashedPassword
type HashedPassword struct {
	// argon2 parameters the client used to hash the password
	Params     Params `json:"params"`
	HashBase64 string `json:"hash_base_64"`
}
HashedPassword represents a password hashed with Argon2. This is the object the client sends instead of a password when we use "server relief".
HashedPassword satisfies interface "Password"
func (HashedPassword) Hash
func (p HashedPassword) Hash() (encodedHash string, err error)
Hash generates a new random salt and hashes the password with HMAC-SHA256, using this salt as the HMAC key. Note that the input here is a password that was *already hashed* by the client (using Argon2), but we still have to hash it again so that an attacker who obtains a snapshot of our database is still unable to log in (the Argon2 hash cannot be computed from the Argon2+HMAC hash). Note that, unlike Argon2, HMAC consumes very few resources.
func (HashedPassword) Matches
func (p HashedPassword) Matches(encodedHash string) (bool, error)
Matches checks whether the input password matches the current password hash.
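A sketch of the server-relief scheme that Hash and Matches describe, added here as an example and not this package's own code. The function names, the 16-byte salt and the `salt$mac` encoding are assumptions, and the client hash is a constructed sample.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

var b64 = base64.StdEncoding
// mac computes HMAC-SHA256 over the client's Argon2 output, keyed by the salt.
func mac(salt, clientHash []byte) []byte {
	h := hmac.New(sha256.New, salt)
	h.Write(clientHash)
	return h.Sum(nil)
}

// hashRelief returns "salt$mac" (an encoding assumed for this example).
func hashRelief(clientHashB64 string) (string, error) {
	clientHash, err := b64.DecodeString(clientHashB64)
	if err != nil {
		return "", fmt.Errorf("client hash: %w", err)
	}
	salt := make([]byte, 16) // fresh random HMAC key per stored hash (length assumed)
	if _, err := rand.Read(salt); err != nil {
		return "", err
	}
	return b64.EncodeToString(salt) + "$" + b64.EncodeToString(mac(salt, clientHash)), nil
}

// matchesRelief recomputes the MAC with the stored salt and compares in constant time.
func matchesRelief(clientHashB64, encoded string) (bool, error) {
	saltB64, macB64, found := strings.Cut(encoded, "$")
	clientHash, err0 := b64.DecodeString(clientHashB64)
	salt, err1 := b64.DecodeString(saltB64)
	want, err2 := b64.DecodeString(macB64)
	if !found || err0 != nil || err1 != nil || err2 != nil {
		return false, fmt.Errorf("malformed input or stored hash")
	}
	return hmac.Equal(mac(salt, clientHash), want), nil
}

func main() {
	client := b64.EncodeToString([]byte("constructed-argon2-output")) // constructed sample
	stored, _ := hashRelief(client)
	ok, err := matchesRelief(client, stored)
	fmt.Println(stored, ok, err)
}
```

The stored value carries only the salt and the MAC, so a database snapshot does not yield the Argon2 hash the client must present at login.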
func (HashedPassword) Validate
func (p HashedPassword) Validate() error
Validate checks the password format.
type Params
type Params struct {
	Memory int `json:"memory"`
	// called "time" in argon2-browser JS library
	Iterations int `json:"iterations"`
	// should always be "1" in JS
	// but we still include the param for the sake of rigor
	Parallelism int    `json:"parallelism"`
	SaltBase64  string `json:"salt_base_64"`
}
Params are the Argon2 parameters the client used to hash the password, which we must store so that the client can use the same parameters next time.
type PwdMetadata
type PwdMetadata struct {
HashedPassword
}
PwdMetadata ...
func ToMetadata
func ToMetadata(msg json.Marshaler) (ret PwdMetadata, err error)
ToMetadata converts a RawJSON message into a PwdMetadata.