/
hasher.go
61 lines (47 loc) · 1.52 KB
/
hasher.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
package password
import (
"bytes"
"crypto/rand"
"crypto/sha256"
"encoding/base64"
"fmt"
"strings"
"golang.org/x/crypto/pbkdf2"
)
const (
saltSize = 64
keySize = 256
iterations = 15000
)
// Hasher provides methods to hash and verify passwords,
// using a 64 bit salt and a 256 bit key, iterating 15000 times.
type Hasher struct {
}
// NewHasher is a factory to create an instance of Hasher.
func NewHasher() *Hasher {
return &Hasher{}
}
// Hash takes a password and hashes it using a SHA256 algorithm.
// The password hash is provided in a format of <hash>.<salt>
func (*Hasher) Hash(pwd string) string {
saltBytes := make([]byte, saltSize)
rand.Read(saltBytes)
saltString := base64.StdEncoding.EncodeToString(saltBytes)
salt := bytes.NewBufferString(saltString).Bytes()
df := pbkdf2.Key([]byte(pwd), salt, iterations, keySize, sha256.New)
cipherText := base64.StdEncoding.EncodeToString(df)
return fmt.Sprintf("%s.%s", cipherText, saltString)
}
// Verify validates a password with a given hash. Hashes the given
// password then compares it with the existing hash.
func (*Hasher) Verify(pwd, pwdHash string) bool {
if pwd == "" || pwdHash == "" || !strings.Contains(pwdHash, ".") {
return false
}
cipherText := strings.Split(pwdHash, ".")[0]
saltString := strings.Split(pwdHash, ".")[1]
saltBytes := bytes.NewBufferString(saltString).Bytes()
df := pbkdf2.Key([]byte(pwd), saltBytes, iterations, keySize, sha256.New)
newCipherText := base64.StdEncoding.EncodeToString(df)
return newCipherText == cipherText
}