Skip to content
goArgonPass is a Argon2 Password utility package for Go using the crypto library package Argon2. Argon2 was the winner of the most recent Password Hashing Competition. This is designed for use anywhere password hashing and verification might be needed and is intended to replace implementations using bcrypt or Scrypt.
Branch: master
Clone or download
Latest commit d0889cf Mar 11, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
example Add ArgonVariant Type Mar 11, 2019
vendor go mod Mar 11, 2019
.drone.yml cleanup Mar 11, 2019
.gitattributes Initial commit May 24, 2018
.travis.yml travis config Jun 6, 2018
LICENSE cleanup Mar 11, 2019
README.md Update README.md Mar 12, 2019
errors.go Improved test coverage and error handling Jun 6, 2018
go.mod go mod Mar 11, 2019
go.sum go mod Mar 11, 2019
password.go Export defaults Mar 11, 2019
password_test.go Improve testing Mar 11, 2019

README.md

goArgonPass

GoDoc cover.run Build Status Coverage Status Go Report Card

Master: Build Status codecov

Dev: Build Status codecov

All hashing and crypto is done by Go library packages. This is only a utility package to make the process described easier.

Description

goArgonPass is a Argon2 Password utility package for Go using the crypto library package Argon2. Argon2 was the winner of the most recent Password Hashing Competition and doesn't suffer from issues that Bcrypt has such as truncating input over 72 characters. This is designed for use anywhere password hashing and verification might be needed and is intended to replace implementations using bcrypt or Scrypt. The string input/output format was designed to be compatible with Passlib for Python and Argon2 PHP, and you should have full compatibility using the argon2i function, but will not be able to use argon2id, which is the default for this pacakge until those libraries are updated to support it. I encourage you to find the parameters that work best for your application, but the defaults are resonable for an interactive use such as a web application login.

The default Argon2 function is Argon2id, which is a hybrid version of Argon2 combining Argon2i and Argon2d. Argon2id is side-channel resistant and provides better brute- force cost savings due to time-memory tradeoffs than Argon2i, but Argon2i is still plenty secure.

IETF Recommendation is:

Argon2id variant with t=1 and maximum available memory is recommended as a default setting for all environments. This setting is secure against side-channel attacks and maximizes adversarial costs on dedicated bruteforce hardware.

Get Started

go get github.com/dwin/goArgonPass

See example/example.go:

import (
    "fmt"
    "os"

    "github.com/dwin/goArgonPass"
)

func main() {
    // Obtain user password from form or other input
    userPassInput := "password"

    // Hash with Default Parameters
    hash, err := argonpass.Hash(userPassInput)
    if err != nil {
        // Handle Error
        os.Exit(1)
    }
    fmt.Println("Hash Output: ", hash)
    // Verify Hash
    err = argonpass.Verify(userPassInput, hash)
    if err != nil {
        fmt.Println("Hash verification error: ", err)
    }
    fmt.Println("Hash verified")
}

Output Format

$ argon2id$v=19$m=65536,t=1,p=4$in2Oi1x57p0=$FopwSR12aLJ9OGPw1rKU5K5osAOGxOJzxC/shk+i850=

$ argon2{function(i/id)}$v={version}$m={memory},t={time},p={parallelism}${salt(base64)}${digest(base64)}

Other Notes

Custom Parameters

Set Custom Parameters by passing ArgonParams{} to Hash().

Parameter Type Default Valid Range
Time uint32 1 >= 1
Memory uint32 65536 >= 1024
Parallelism uint8 4 1-64
OutputSize uint32 1 16-512
Function ArgonVariant ArgonVariant2id ArgonVariant2id - ArgonVariant2i
SaltSize uint8 8 8-64
type ArgonParams struct {
    Time        uint32
    Memory      uint32
    Parallelism uint8
    OutputSize  uint32
    Function    ArgonVariant
    SaltSize    uint8
}
You can’t perform that action at this time.