Skip to content

v1.144.0

Choose a tag to compare

@github-actions github-actions released this 10 Jul 12:50
5f82870

✨ Features

pkg/passwordhash: PHC string format support

Optional support for the cross-language PHC string format ($argon2id$v=19$m=...,t=...,p=...$salt$key) alongside the default self-describing base64-JSON format. This enables password-hash interoperability with other ecosystems — PHP password_hash, Python argon2-cffi/passlib, and the Argon2 reference CLI — without bulk re-hashing.

  • WithFormat(f, accept...) selects the serialization emitted by PasswordHash and the set of formats PasswordNeedsRehash treats as current. The default remains base64 JSON, so existing deployments are unaffected.
  • Auto-detected verification: PasswordVerify and PasswordNeedsRehash detect each stored value's format from its leading $, so both formats can coexist in one store, switching formats never invalidates a credential, and externally minted argon2id PHC hashes verify with no configuration change.
  • Format-aware rehash migration: PasswordNeedsRehash flags hashes stored in a non-accepted format as needing a rehash even when their Argon2 parameters are current, so a store converges to the configured format through the ordinary rehash-on-login flow. Listing both formats via accept keeps a deliberately mixed store; verification is never restricted by this option.
  • Safe by default: unknown emit values normalize to FormatJSON and unknown accept values are ignored (never aliased), so misconfiguration can neither select an unsupported serialization nor silently widen the accepted set. Pepper-encrypted methods are unaffected.
  • Strict, secure PHC parsing: deserialized parameters flow through the same bounds validation as the JSON format; only argon2id at version 19 with cost parameters in m,t,p order is accepted; optional keyid/data attributes and padded base64 are rejected; newline characters and non-canonical base64 trailing bits are rejected so byte-distinct strings can never decode to the same salt/key; and $/comma splits are capped so adversarial inputs cannot allocate large slices before rejection.

Tests pin the wire format with a frozen PHC reference, cross-implementation interop against a vector minted by PHP's password_hash(PASSWORD_ARGON2ID), cross-format verifiability, convergence/mixed-store semantics, and 15 malformed-PHC rejection cases. Fuzz seeds cover the PHC decode path, plus a new benchmark for PHC verification against the JSON baseline. Coverage remains 100% with a clean strict lint run.

🔧 Maintenance

  • Updated dependencies

Full Changelog: v1.143.0...v1.144.0