GitHub - intermernet/pw: pw is a Go library for password authentication

pw is a Go library for password authentication

It attempts to put into practice the methodology described in CrackStation's "Salted Password Hashing - Doing it Right".

It uses scrypt for key derivation, and assumes the use of an HMAC key for extra security.

The HMAC Key should be provided from somewhere outside of the database which stores the user IDs, hashes and salts. It should, at least, be stored in a secure file on the server, but it's recommended to use an external server, or service, to provide the HMAC key.

The generated hashes are 256 bits in length, as are any generated salts.

The input HMAC key and password are only limited in length by the underlying Go crypto libraries.

Documentation available at https://pkg.go.dev/github.com/intermernet/pw

See the Go playground for a usage example.

Name		Name	Last commit message	Last commit date
Latest commit History 66 Commits
.travis.yml		.travis.yml
LICENSE.md		LICENSE.md
README.md		README.md
go.mod		go.mod
go.sum		go.sum
pw.go		pw.go
pw_test.go		pw_test.go

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

.travis.yml

.travis.yml

LICENSE.md

LICENSE.md

README.md

README.md

go.mod

go.mod

go.sum

go.sum

pw.go

pw.go

pw_test.go

pw_test.go

Repository files navigation

About

Releases

Packages

Languages

License

intermernet/pw

Folders and files

Latest commit

History

Repository files navigation

About

Resources

License

Stars

Watchers

Forks

Languages