Skip to content

aykevl/pwhash

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
.circleci
.circleci
 
 
LICENSE.txt
LICENSE.txt
 
 
README.md
README.md
 
 
pwhash.go
pwhash.go
 
 
pwhash_test.go
pwhash_test.go
 
 

Repository files navigation

Opinionated password hashing library

GoDoc CircleCI

This library implements password hashing functions for Go web applications. It is intentionally not configurable to avoid security mistakes.

Using it is very simple. There are only two methods: Hash and Verify:

// When storing a password in the database:
password := "correct horse battery staple"
hash := pwhash.Hash(password)

// When checking a password for validity:
if !pwhash.Verify(password, hash) {
	// Oh no, the user entered the wrong password!
	showLoginPage()
	return
}
// User is logged in. Set up a session etc.

In the current configuration, it hashes passwords using argon2id, with 64MB memory, a time parameter of 1, and uses 4 threads. Passwords hashed this way should take under 50ms to verify on most systems.

Some other password formats are supported for backwards compatibility. This includes the PBKDF2-SHA256 hash in the Python hashlib and the Django format. More formats can be added if the need arises. Remember that this is only for legacy purposes, newly stored passwords will be in the argon2 format and thus better protected against cracking.

License

This library has been put into the public domain. For details, see LICENSE.txt or unlicense.org.

About

Simple password hashing library for Go.

Topics

golang argon2 pbkdf2 passwords argon2id

Resources

Readme

License

Unlicense license
Activity

Stars

3 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages