{"id":13413793,"url":"https://github.com/elithrar/simple-scrypt","last_synced_at":"2025-12-25T19:57:46.902Z","repository":{"id":30363111,"uuid":"33915633","full_name":"elithrar/simple-scrypt","owner":"elithrar","description":"A convenience library for generating, comparing and inspecting password hashes using the scrypt KDF in Go 🔑","archived":false,"fork":false,"pushed_at":"2021-04-12T20:33:15.000Z","size":43,"stargazers_count":197,"open_issues_count":3,"forks_count":27,"subscribers_count":7,"default_branch":"master","last_synced_at":"2025-04-10T04:56:44.444Z","etag":null,"topics":["go","hash","password","password-hash","scrypt"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/elithrar.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-04-14T06:52:21.000Z","updated_at":"2025-02-19T17:45:12.000Z","dependencies_parsed_at":"2022-09-26T17:41:13.918Z","dependency_job_id":null,"html_url":"https://github.com/elithrar/simple-scrypt","commit_stats":null,"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elithrar%2Fsimple-scrypt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elithrar%2Fsimple-scrypt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elithrar%2Fsimple-scrypt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elithrar%2Fsimple-scrypt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/elithrar","download_url":"https://codeload.github.com/elithrar
/simple-scrypt/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248586244,"owners_count":21128996,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["go","hash","password","password-hash","scrypt"],"created_at":"2024-07-30T20:01:49.455Z","updated_at":"2025-12-25T19:57:46.894Z","avatar_url":"https://github.com/elithrar.png","language":"Go","readme":"# simple-scrypt\n[![GoDoc](https://godoc.org/github.com/elithrar/simple-scrypt?status.svg)](https://godoc.org/github.com/elithrar/simple-scrypt)\n\nsimple-scrypt provides a convenience wrapper around Go's existing\n[scrypt](http://golang.org/x/crypto/scrypt) package that makes it easier to\nsecurely derive strong keys (\"hash user passwords\"). This library allows you to:\n\n* Generate a scrypt derived key with a cryptographically secure salt and sane\n  default parameters for N, r and p.\n* Upgrade the parameters used to generate keys as hardware improves by storing\n  them with the derived key (the scrypt spec. doesn't allow for this by\n  default).\n* Provide your own parameters (if you wish to).\n\nThe API closely mirrors Go's [bcrypt](https://golang.org/x/crypto/bcrypt)\nlibrary in an effort to make it easy to migrate—and because it's an easy to grok\nAPI.\n\n## Installation\n\nWith a [working Go toolchain](https://golang.org/doc/code.html):\n\n```sh\ngo get -u github.com/elithrar/simple-scrypt\n```\n\n## Example\n\nsimple-scrypt doesn't try to re-invent the wheel or do anything \"special\". 
It\nwraps the `scrypt.Key` function as thinly as possible, generates a\ncryptographically secure salt for you using Go's `crypto/rand` package, and\nreturns the derived key with the parameters prepended:\n\n```go\npackage main\n\nimport (\n    \"fmt\"\n    \"log\"\n\n    \"github.com/elithrar/simple-scrypt\"\n)\n\nfunc main() {\n    // e.g. r.PostFormValue(\"password\")\n    passwordFromForm := \"prew8fid9hick6c\"\n\n    // Generates a derived key of the form \"N$r$p$salt$dk\" where N, r and p are defined as per\n    // Colin Percival's scrypt paper: http://www.tarsnap.com/scrypt/scrypt.pdf\n    // scrypt.DefaultParams (N=16384, r=8, p=1) makes it easy to provide these parameters, and\n    // (should you wish) provide your own values via the scrypt.Params type.\n    hash, err := scrypt.GenerateFromPassword([]byte(passwordFromForm), scrypt.DefaultParams)\n    if err != nil {\n        log.Fatal(err)\n    }\n\n    // Print the derived key with its parameters prepended.\n    fmt.Printf(\"%s\\n\", hash)\n\n    // Uses the parameters from the existing derived key. Returns an error if they don't match.\n    err = scrypt.CompareHashAndPassword(hash, []byte(passwordFromForm))\n    if err != nil {\n        log.Fatal(err)\n    }\n}\n```\n\n## Upgrading Parameters\n\nUpgrading derived keys from a set of parameters to a \"stronger\" set of parameters\nas hardware improves, or as you scale (and move your auth process to separate\nhardware), can be pretty useful. Here's how to do it with simple-scrypt:\n\n```go\npackage main\n\nimport (\n    \"log\"\n    \"reflect\"\n\n    \"github.com/elithrar/simple-scrypt\"\n)\n\n// hash stands in for the user's stored derived key (e.g. loaded from your database).\nvar hash []byte\n\nfunc main() {\n    // SCENE: We've successfully authenticated a user, compared their submitted\n    // (cleartext) password against the derived key stored in our database, and\n    // now want to upgrade the parameters (more rounds, more parallelism) to\n    // reflect some shiny new hardware we just purchased. 
As the user is logging\n    // in, we can retrieve the parameters used to generate their key, and if\n    // they don't match our \"new\" parameters, we can re-generate the key while\n    // we still have the cleartext password in memory\n    // (e.g. before the HTTP request ends).\n    current, err := scrypt.Cost(hash)\n    if err != nil {\n        log.Fatal(err)\n    }\n\n    // Now to check them against our own Params struct (e.g. using reflect.DeepEqual)\n    // and determine whether we want to generate a new key with our \"upgraded\" parameters.\n    slower := scrypt.Params{\n        N: 32768,\n        R: 8,\n        P: 2,\n        SaltLen: 16,\n        DKLen: 32,\n    }\n\n    if !reflect.DeepEqual(current, slower) {\n        // Re-generate the key with the slower parameters\n        // here using scrypt.GenerateFromPassword\n    }\n}\n```\n\n## Automatically Determining Parameters\n\nThanks to the work by [tgulacsi](https://github.com/tgulacsi), you can have simple-scrypt\nautomatically determine the optimal parameters for you (time vs. memory). 
You should run this once\non program startup, as calibrating parameters can be an expensive operation.\n\n```go\npackage main\n\nimport (\n    \"log\"\n    \"net/http\"\n    \"time\"\n\n    \"github.com/elithrar/simple-scrypt\"\n)\n\nvar params scrypt.Params\n\nfunc main() {\n    var err error\n    // 500ms, 64MB of RAM per hash.\n    params, err = scrypt.Calibrate(500*time.Millisecond, 64, scrypt.Params{})\n    if err != nil {\n        log.Fatal(err)\n    }\n\n    // ...\n}\n\nfunc RegisterUserHandler(w http.ResponseWriter, r *http.Request) {\n    err := r.ParseForm()\n    if err != nil {\n        http.Error(w, err.Error(), http.StatusBadRequest)\n        return\n    }\n\n    // Make sure you validate: not empty, not too long, etc.\n    email := r.PostFormValue(\"email\")\n    pass := r.PostFormValue(\"password\")\n\n    // Use our calibrated parameters\n    hash, err := scrypt.GenerateFromPassword([]byte(pass), params)\n    if err != nil {\n        // A hashing failure is a server-side fault, not a bad request.\n        http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)\n        return\n    }\n\n    // Save to DB, etc.\n    _, _ = email, hash // placeholder so the snippet compiles; replace with your DB write\n}\n```\n\nBe aware that increasing these parameters, whilst making it harder to brute-force the resulting hash, also\nincreases the risk of a denial-of-service attack against your server. A surge in authentication\nattempts (even if legitimate!) could consume all available resources.\n\n## License\n\nMIT Licensed. See LICENSE file for details.\n\n","funding_links":[],"categories":["Security","Go","安全领域相关库","Encryption","安全","Relational Databases","安全性","\u003cspan id=\"安全-security\"\u003e安全 Security\u003c/span\u003e"],"sub_categories":["HTTP Clients","查询语","Advanced Console UIs","HTTP客户端","交流","高級控制台界面","\u003cspan id=\"高级控制台用户界面-advanced-console-uis\"\u003e高级控制台用户界面 Advanced Console UIs\u003c/span\u003e","高级控制台界面"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Felithrar%2Fsimple-scrypt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Felithrar%2Fsimple-scrypt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Felithrar%2Fsimple-scrypt/lists"}