You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Sep 6, 2024. It is now read-only.
Argon2 password hashing package with constant time hash comparison
Preface:
Argon2 was selected as the winner of the Password Hashing Competition. Argon2 is ideal for deriving cryptographic keys from passwords.
This package utilizes the Argon2i hashing algorithm that is the side-channel resistant version of Argon2. It uses data-independent memory access, which is preferred for password hashing and password-based key derivation. Argon2i requires more passes over memory than Argon2id to protect from trade-off attacks.
The generated salted hash is ideal for persistent storage in a single column as a string and is future proof if time or memory parameters for argon2i change.
Additionally, argon2pw includes a function for password comparison in constant time to prevent timing attack vectors.
Usage:
package main
import"github.com/raja/argon2pw"funcmain() {
// Generate a hashed passwordtestPassword:=`testPassword$x1w432b7^`hashedPassword, err:=argon2pw.GenerateSaltedHash(testPassword)
iferr!=nil {
log.Panicf("Hash generated returned error: %v", err)
}
// Test correct password in constant timevalid, err:=argon2pw.CompareHashWithPassword(hashedPassword, testPassword)
log.Printf("The password validity is %t against the hash", valid)
// Test incorrect password in constant timevalid, err=argon2pw.CompareHashWithPassword(hashedPassword, "badPass")
log.Printf("The password validity is %t against the hash", valid)
}
About
Argon2 password hashing package for go with constant time hash comparison
