Skip to content
mcf is a Go library for creating, verifying, upgrading and managing a variety of hashed password schemes
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
bcrypt
bridge
encoder
password
pbkdf2
scrypt
test
.gitignore
@build.do
@clean.do
@tests.do
DIRS
Makefile
README.md
doc.go
encoding.go
mcf.go

README.md

Description

mcf is a Go library for creating, verifying, upgrading and managing a variety of hashed password schemes.

mcf provides a simple API for applications to use a variety of password hashing schemes, including bcrypt, scrypt, and pbkdf2 as well a management mechanism to easily and transparently set the default password scheme, change schemes, or change scheme parameters such as work factors, salt length, key length without rewriting the application.

In addition to the separation of usage and policy model of the UNIX password mechanism, mcf borrows the /etc/passwd format and generates passwords in the [Modular Crypt Format (MCF)] (http://pythonhosted.org/passlib/modular_crypt_format.html), allowing for the simultaneous existence of multiple types and generations of passwords.

As a text format, it provides for easy database storage and subsequent verification.

Any application would benefit from the simplicity, ease and secure defaults of this package. Applications and web sites that need to support multiple password hashing mechanisms and/or need to allow for different upgrade policies would find it especially useful.

Install

mcf can be installed with the command:

`go get github.com/gyepisam/mcf`

Example

Here is a simple example on how to use mcf to generate pbkdf2 hashed passwords. Note that the same example would work for any other scheme and multiple schemes can exist concurrently.

import "github.com/gyepisam/mcf"
import "github.com/gyepisam/mcf/pbkdf2"

To create a password, assuming you have the username and plaintext variables from a user signup session:

passwd, err := mcf.Create(plaintext)
// error handling elided
// Store passwd in database

To verify a password, assuming you have the username and plaintext variables from a user login session and have retrieved the stored password from the database into the passwd variable:

isValid, err := mcf.Verify(plaintext, passwd)
// error handling elided.

The verification can be combined with automated password upgrades with code like this:

isValid, err := mcf.Verify(plaintext, passwd)
// error handling elided.

if !isValid {
    // fail -- failed password verification
    return false
}

isCurrent, err := mcf.IsCurrent(passwd)
// error handling elided

if !isCurrent {
  newPasswd, err := mcf.Create(plaintext)
  // error handling elided
  // Update passwd in database
}

// success!

With this method, user passwords will be transparently and automatically upgraded to use any new schemes or stronger work factors set by policy through the management API.

Author

mcf is written by Gyepi Sam self-github@gyepi.com and is released under a BSD license.

I welcome any and all feedback on this software.

-Gyepi Sam

You can’t perform that action at this time.