Password Hashing / Digest / Crypt library.
This library aims to provide a convenient layer over the go password hashing crypto functions.
A list of tasks that need to be accomplished are listed in the
General Project.
| Algorithm | Variants | Identifiers |
|---|---|---|
| Argon2 | Argon2id, Argon2i, Argon2d | argon2id, argon2i, argon2d |
| SHA-crypt | SHA256, SHA512 | 5, 6 |
| PBKDF2 | SHA1, SHA224, SHA256, SHA384, SHA512 | pbkdf2, pbkdf2-sha1, pbkdf2-sha224, pbkdf2-sha256, pbkdf2-sha384, pbkdf2-sha512 |
| bcrypt | bcrypt, bcrypt-sha256 | 2, 2a, 2b, 2x, 2y, bcrypt-sha256 |
| scrypt | scrypt | scrypt |
| md5crypt | standard, sun | 1, md5 |
| sha1crypt | standard | sha1 |
| PlainText | plaintext, base64 | plaintext, base64 |
In addition to the standard crypt functions we also support a plain text storage format which has a regular plain text variant and a Base64 format (for storage, not security).
The PHC string format we decided to use is as follows:
$<id>$<data>
Where id is either plaintext or base64, and data is either the password string or the
Base64 (Adapted) encoded string.
This algorithm was thought of by the developers of Passlib. It circumvents the issue in bcrypt where the maximum password length is effectively 72 bytes by passing the password via a HMAC-SHA-256 function which uses the salt bytes as the key.
Note: Only bcrypt-sha256 version 2 which uses the PHC string format and passes the password through a HMAC-SHA-256 function the salt as the key is supported. The bcrypt-sha256 version 1 which uses the Modular Crypt Format and only passes the password via a SHA-256 sum function not supported at all.
| Algorithm | Reasoning |
|---|---|
| Type 7 (cisco) | Explicit Backwards Compatibility and Interoperability |
| Type 8 (cisco) | Explicit Backwards Compatibility and Interoperability |
| Type 9 (cisco) | Explicit Backwards Compatibility and Interoperability |
| Type 10 (cisco) | Explicit Backwards Compatibility and Interoperability |
| LDAP RFC2307 | Explicit Backwards Compatibility and Interoperability |
Additional support for LDAP specific formats is also very likely, either via normalization and encoding options or via explicit algorithm variants and/or specific algorithms.
Many password storage formats use Base64 with an Adapted charset to store the bytes of the salt or hash key. This uses
the standard Base64 encoding without padding as per RFC4648 section 4 but replaces the + chars with a ..
Use go get to add this module to your project with go get github.com/go-crypt/crypt.
- go 1.21+
The following examples show how easy it is to interact with the argon2 algorithm. Most other algorithm implementations are relatively similar.
The algorithm.Hasher implementations use a functional options pattern. This pattern is accessible via the New
function in each algorithm package or via a receiver function of the individual algorithm.Hasher implementation called
WithOptions.
Most algorithm implementations have at least the following functional option signatures:
WithVariant(variant Variant) OptWithVariantName(identifier string) OptWithIterations(iterations int) Opt
With the exception of WithVariantName which takes a string, and WithVariant which takes a Variant type (which is
technically a int), nearly every functional option takes a single int. There are a few functional options which take
a single uint32 where the maximum value exceeds the maximum value for an untyped int on 32bit architectures.
If the uint32 methods are an issue for anyone using this module we suggest opening an issue and describing why and we'll
consider adding another functional option which takes an int.
While several convenience functions exist for building password decoders and checking individual passwords it is
STRONGLY RECOMMENDED that users implementing this library explicitly create a decoder that fits their particular
use case after sufficiently researching each algorithm and their benefits. At the time of this writing we strongly
recommend the argon2id variant of argon2.
This can be done via the crypt.NewDecoder function as shown below.
package main
import (
"fmt"
"github.com/go-crypt/crypt"
"github.com/go-crypt/crypt/algorithm"
"github.com/go-crypt/crypt/algorithm/argon2"
)
func main() {
var (
decoder *crypt.Decoder
err error
digest algorithm.Digest
)
if decoder, err = NewDecoderArgon2idOnly(); err != nil {
panic(err)
}
if digest, err = decoder.Decode("$argon2id$v=19$m=2097152,t=1,p=4$BjVeoTI4ntTQc0WkFQdLWg$OAUnkkyx5STI0Ixl+OSpv4JnI6J1TYWKuCuvIbUGHTY"); err != nil {
panic(err)
}
fmt.Printf("Digest Matches Password 'example': %t\n", digest.Match("example"))
fmt.Printf("Digest Matches Password 'invalid': %t\n", digest.Match("invalid"))
}
// NewDecoderArgon2idOnly returns a decoder which can only decode argon2id encoded digests.
func NewDecoderArgon2idOnly() (decoder *crypt.Decoder, err error) {
decoder = crypt.NewDecoder()
if err = argon2.RegisterDecoderArgon2id(decoder); err != nil {
return nil, err
}
return decoder, nil
}This method of checking passwords is recommended if you have a database of hashes which are going to live in memory. The
crypt.Digest and crypt.NullDigest types provide helpful interface implementations to simplify Marshal/Unmarshal and
database operations.
package main
import (
"fmt"
"github.com/go-crypt/crypt"
"github.com/go-crypt/crypt/algorithm"
)
func main() {
var (
decoder *crypt.Decoder
err error
digest algorithm.Digest
)
if decoder, err = crypt.NewDefaultDecoder(); err != nil {
panic(err)
}
if digest, err = decoder.Decode("$argon2id$v=19$m=2097152,t=1,p=4$BjVeoTI4ntTQc0WkFQdLWg$OAUnkkyx5STI0Ixl+OSpv4JnI6J1TYWKuCuvIbUGHTY"); err != nil {
panic(err)
}
fmt.Printf("Digest Matches Password 'example': %t\n", digest.Match("example"))
fmt.Printf("Digest Matches Password 'invalid': %t\n", digest.Match("invalid"))
}This method of checking passwords is quick and dirty and most useful when users are providing the hash as the input such as in situations where you are allowing them to check a password themselves via a CLI or otherwise.
package main
import (
"fmt"
"github.com/go-crypt/crypt"
)
func main() {
var (
valid bool
err error
)
if valid, err = crypt.CheckPassword("example","$argon2id$v=19$m=2097152,t=1,p=4$BjVeoTI4ntTQc0WkFQdLWg$OAUnkkyx5STI0Ixl+OSpv4JnI6J1TYWKuCuvIbUGHTY"); err != nil {
panic(err)
}
fmt.Printf("Digest Matches Password 'example': %t\n", valid)
if valid, err = crypt.CheckPassword("invalid","$argon2id$v=19$m=2097152,t=1,p=4$BjVeoTI4ntTQc0WkFQdLWg$OAUnkkyx5STI0Ixl+OSpv4JnI6J1TYWKuCuvIbUGHTY"); err != nil {
panic(err)
}
fmt.Printf("Digest Matches Password 'invalid': %t\n", valid)
}package main
import (
"fmt"
"github.com/go-crypt/crypt/algorithm"
"github.com/go-crypt/crypt/algorithm/argon2"
)
func main() {
var (
hasher *argon2.Hasher
err error
digest algorithm.Digest
)
if hasher, err = argon2.New(
argon2.WithProfileRFC9106LowMemory(),
); err != nil {
panic(err)
}
if digest, err = hasher.Hash("example"); err != nil {
panic(err)
}
fmt.Printf("Encoded Digest With Password 'example': %s\n", digest.Encode())
}