Skip to content
Argon2 password hashing package for go with constant time hash comparison
Branch: master
Clone or download
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.gitignore Initial commit Mar 13, 2018
.travis.yml valid travis yml Mar 13, 2018
LICENSE Initial commit Mar 13, 2018
README.md Added GoReportCard badge to Readme Mar 15, 2018
argon2pw.go minor refactor of salt generaton function Sep 5, 2018
argon2pw_test.go Added support for argon2id along with more tests Sep 5, 2018

README.md

argon2pw

GoDoc Build Status Go Report Card

Argon2 password hashing package with constant time hash comparison

Preface: Argon2 was selected as the winner of the Password Hashing Competition. Argon2 is ideal for deriving cryptographic keys from passwords.

This package utilizes the Argon2i hashing algorithm that is the side-channel resistant version of Argon2. It uses data-independent memory access, which is preferred for password hashing and password-based key derivation. Argon2i requires more passes over memory than Argon2id to protect from trade-off attacks.

The generated salted hash is ideal for persistent storage in a single column as a string and is future proof if time or memory parameters for argon2i change.

Additionally, argon2pw includes a function for password comparison in constant time to prevent timing attack vectors.

Usage:

package main
import "github.com/raja/argon2pw"

 func main() {
	 // Generate a hashed password
	 testPassword := `testPassword$x1w432b7^`
	 hashedPassword, err := argon2pw.GenerateSaltedHash(testPassword)
	 if err != nil {
         log.Panicf("Hash generated returned error: %v", err)
	 }

	 // Test correct password in constant time
	 valid, err := argon2pw.CompareHashWithPassword(hashedPassword, testPassword)
	 log.Printf("The password validity is %t against the hash", valid)

	 // Test incorrect password in constant time
	 valid, err = argon2pw.CompareHashWithPassword(hashedPassword, "badPass")
	 log.Printf("The password validity is %t against the hash", valid)
 }
You can’t perform that action at this time.