Very strong password digests for Go
patrickmn/go-hmaccrypt
go-hmaccrypt provides very strong password digests using a combination of a peppered hash-based message authentication code (HMAC) and a salted adaptive key derivation function like bcrypt.

A digest of each password is generated using e.g. HMAC-SHA512 with a pepper--a value stored separately from the final digests--after which a bcrypt digest of the HMAC digest is generated. The bcrypt digest is saved in e.g. a database.

With this approach, you can ensure the safety of user passwords even if an SQL injection compromises the contents of your database's users table, or if a weakness is found in e.g. bcrypt.

This approach is described on https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines#Password_Storage

go-hmaccrypt can be used safely by multiple goroutines.

== Installation

    go get github.com/pmylund/go-hmaccrypt

== Documentation

    go doc github.com/pmylund/go-hmaccrypt

or

    http://go.pkgdoc.org/github.com/pmylund/go-hmaccrypt

== Usage

    import (
        "crypto/sha512"

        "github.com/pmylund/go-hmaccrypt"
    )

    // The pepper is stored separately from the digests, never in the database.
    pepper := []byte("randomly generated sequence stored on disk or in the source")
    crypt := hmaccrypt.New(sha512.New, pepper)

    password := []byte("f00b4r!")
    // The second argument (10) is passed to Bcrypt along with the password.
    digest, err := crypt.Bcrypt(password, 10)
    if err != nil {
        // handle the error
    }
    // save the bcrypt digest in the database

    if err := crypt.BcryptCompare(digest, password); err == nil {
        // the password is a match
    }
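The two-stage construction described above (peppered HMAC first, salted adaptive KDF second), as an added example that is not go-hmaccrypt's own code. It uses only the standard library, so one block of PBKDF2-HMAC-SHA512 stands in for bcrypt; `derive`, `Digest`, `Compare`, the salt length and the round count are assumptions of this sketch.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha512"
	"fmt"
)

const saltLen, rounds = 16, 4096 // assumed parameters, not from the page
func hmacSHA512(key, msg []byte) []byte {
	m := hmac.New(sha512.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

// derive: HMAC-SHA512 keyed with the pepper, then one PBKDF2 block over it (stand-in for bcrypt).
func derive(pepper, password, salt []byte) []byte {
	key := hmacSHA512(pepper, password)                // stage 1: peppered MAC
	u := append(append([]byte{}, salt...), 0, 0, 0, 1) // salt || INT(1), copied
	out := make([]byte, sha512.Size)
	for i := 0; i < rounds; i++ { // stage 2: T = U1 ^ U2 ^ ... ^ Uc
		u = hmacSHA512(key, u)
		for j := range out {
			out[j] ^= u[j]
		}
	}
	return out
}

// Digest returns salt || derived key: the only value written to the database.
func Digest(pepper, password []byte) []byte {
	salt := make([]byte, saltLen)
	if _, err := rand.Read(salt); err != nil {
		panic(err) // no entropy: refuse to produce a digest
	}
	return append(salt, derive(pepper, password, salt)...)
}

// Compare recomputes from the stored salt; hmac.Equal compares in constant time.
func Compare(pepper, stored, password []byte) bool {
	return len(stored) == saltLen+sha512.Size &&
		hmac.Equal(derive(pepper, password, stored[:saltLen]), stored[saltLen:])
}

func main() {
	pepper, pw := []byte("constructed pepper"), []byte("f00b4r!")
	fmt.Println(Compare(pepper, Digest(pepper, pw), pw))
}
```

A stored digest only verifies when the same pepper is supplied, so a copy of the users table alone gives nothing to test password guesses against.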