{"id":43601970,"url":"https://github.com/xianghuzhao/kdfcrypt","last_synced_at":"2026-02-04T06:05:50.187Z","repository":{"id":57491803,"uuid":"198600004","full_name":"xianghuzhao/kdfcrypt","owner":"xianghuzhao","description":"Go library for password hashing with KDF (key derivation function)","archived":false,"fork":false,"pushed_at":"2025-12-04T06:31:36.000Z","size":33,"stargazers_count":5,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-12-07T13:24:15.251Z","etag":null,"topics":["argon2","kdf","key-derivation-function","password-hashing","password-validation","pbkdf2","scrypt"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/xianghuzhao.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-07-24T09:13:01.000Z","updated_at":"2025-12-04T06:30:59.000Z","dependencies_parsed_at":"2022-08-30T23:21:10.320Z","dependency_job_id":null,"html_url":"https://github.com/xianghuzhao/kdfcrypt","commit_stats":null,"previous_names":[],"tags_count":7,"template":false,"template_full_name":null,"purl":"pkg:github/xianghuzhao/kdfcrypt","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xianghuzhao%2Fkdfcrypt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xianghuzhao%2Fkdfcrypt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xianghuzhao%2Fkdfcrypt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xianghuzhao%2Fkdfcrypt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/xianghuzhao","download_url":"https://codeload.github.com/xianghuzhao/kdfcrypt/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xianghuzhao%2Fkdfcrypt/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29072515,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-04T03:31:03.593Z","status":"ssl_error","status_checked_at":"2026-02-04T03:29:50.742Z","response_time":62,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["argon2","kdf","key-derivation-function","password-hashing","password-validation","pbkdf2","scrypt"],"created_at":"2026-02-04T06:05:48.197Z","updated_at":"2026-02-04T06:05:50.177Z","avatar_url":"https://github.com/xianghuzhao.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Key derivation function for password hashing\n\n[![GoDoc](https://godoc.org/github.com/xianghuzhao/kdfcrypt?status.svg)](https://godoc.org/github.com/xianghuzhao/kdfcrypt)\n\n`kdfcrypt` is a library for using KDF (key derivation function) to\ngenerate password hashing.\n\nWith this library, it is easy to make multiple password hashing\nalgorithms coexist in the same program.\n\nThe currently supported KDFs are\n[argon2](https://en.wikipedia.org/wiki/Argon2),\n[scrypt](https://en.bitcoinwiki.org/wiki/Scrypt),\n[pbkdf2](https://en.wikipedia.org/wiki/PBKDF2) and\n[hkdf](https://en.wikipedia.org/wiki/HKDF).\n`argon2id` is the recommended choice for password hashing.\n\nThese algorithms are implemented in\n[`golang.org/x/crypto`](https://godoc.org/golang.org/x/crypto).\n\n\n## Example\n\n### Password verification\n\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/xianghuzhao/kdfcrypt\"\n)\n\nfunc main() {\n\tencoded, _ := kdfcrypt.Encode(\"password\", \u0026kdfcrypt.Option{\n\t\tAlgorithm:        \"argon2id\",\n\t\tParam:            \"m=65536,t=1,p=4\",\n\t\tRandomSaltLength: 16,\n\t\tHashLength:       32,\n\t})\n\n\t// $argon2id$v=19,m=65536,t=1,p=4$mD+rvcR+6nuAV6MJFOmDjw$IqfwTPk9RMGeOv4pCE1QiURuSoi655GUVjcQAk81eXM\n\tfmt.Println(encoded)\n\n\tmatch, _ := kdfcrypt.Verify(\"password\", encoded)\n\tfmt.Println(match) // true\n}\n```\n\n\n### Generate key for AES-256\n\nFor the case of getting a derived key for AES-256 (which needs a 32-byte key):\n\n```go\nkdf, err := kdfcrypt.CreateKDF(\"argon2id\", \"m=4096,t=1,p=1\")\nsalt, err := kdfcrypt.GenerateRandomSalt(16)\naes256Key, err := kdf.Derive(\"password\", salt, 32)\n```\n\nThe KDF algorithm, param and salt must be preserved in order to get\nthe same key again.\n\n\n## Format of the encoded password\n\nPassword will be encoded into a single string which could be safely\nsaved.\n\nThere are four parts of the encoded string which are splitted by \"`$`\".\n\n1. The name of KDF.\n2. Param string of the KDF, which depends on KDF.\n3. Salt encoded with base64.\n4. Hash key encoded with base64.\n\n```\n$argon2id$v=19,m=4096,t=1,p=1$4ns1ibGJDR6IQufkbT8E/w$WQ2lAwbDhZmZQMCMg74L00OHUFzn/IvbwDaxU6bgIys\n$ KDF    $ param             $ salt (base64)        $ hash (base64)\n```\n\n\n## Option\n\nThe `Option` struct is passed as argument for `Encode`.\n\n1. Algorithm: Could be one of `argon2id`, `argon2i`, `scrypt`, `pbkdf`,\n   `hkdf`.\n2. Param: String for the KDF param. Different items are separated by\n   comma \"`,`\". The detailed items vary among different KDFs.\n3. RandomSaltLength: The length for the random salt in byte. If `Salt`\n   is not empty, `RandomSaltLength` will be ignored.\n4. Salt: Salt for the hash.\n5. HashLength: The length of the hash result in byte.\n\nYou are able to set the salt explicitly:\n\n```go\nencoded, _ := kdfcrypt.Encode(\"password\", \u0026kdfcrypt.Option{\n\tAlgorithm:        \"argon2id\",\n\tParam:            \"m=4096,t=1,p=1\",\n\tSalt:             \"This_is_fixed_salt\",\n\tHashLength:       32,\n})\n```\n\nIf you would like to use random salt, do not set the `Salt` and set the\n`RandomSaltLength`:\n\n```go\nencoded, _ := kdfcrypt.Encode(\"password\", \u0026kdfcrypt.Option{\n\tAlgorithm:        \"argon2id\",\n\tParam:            \"m=4096,t=1,p=1\",\n\tRandomSaltLength: 16,\n\tHashLength:       32,\n})\n```\n\n## Supported KDF\n\n### Argon2\n\nTwo variants `argon2i` and `argon2id` are provided.\n\n```go\nencodedArgon2i, _ := kdfcrypt.Encode(\"password\", \u0026kdfcrypt.Option{\n\tAlgorithm:        \"argon2i\",\n\tParam:            \"m=4096,t=1,p=1\",\n})\n// $argon2i$v=19,m=4096,t=1,p=1$HGi1YMTQxF+LYrcsnAz2YQ$vB3J0eDGCeq2l8Ky96OqB1P9rr8KPOQZzEScZnq1IUA\n\nencodedArgon2id, _ := kdfcrypt.Encode(\"password\", \u0026kdfcrypt.Option{\n\tAlgorithm:        \"argon2id\",\n\tParam:            \"m=4096,t=1,p=1\",\n})\n// $argon2id$v=19,m=4096,t=1,p=1$23wOTcL162eix5YdOdOvqg$Il5kKW+CX+s6a8d6LtEnQ5k0bvBnfkuZXKkXq+Krx1I\n```\n\nThe param consists of three parts:\n\n1. m: memory, memory usage.\n2. t: iterations, CPU cost.\n3. p: parallelism, number of threads.\n\n\n### Scrypt\n\n```go\nencoded, _ := kdfcrypt.Encode(\"password\", \u0026kdfcrypt.Option{\n\tAlgorithm:        \"scrypt\",\n\tParam:            \"N=32768,r=8,p=1\",\n})\n// $scrypt$N=32768,r=8,p=1$v3T+aMCko9ZsovBnyWIdxQ$GTDo1AEPht8SL8Q+3y0FvWpPvzn5ZZNpwoqG+WOLsyI\n```\n\n1. N: CPU/memory cost parameter, which must be a power of two greater\n   than 1.\n2. r: The blocksize parameter, which fine-tunes sequential memory read\n   size and performance. 8 is commonly used.\n3. p: Parallelization parameter.\n\n\n### PBKDF2\n\n```go\nencoded, _ := kdfcrypt.Encode(\"password\", \u0026kdfcrypt.Option{\n\tAlgorithm:        \"pbkdf2\",\n\tParam:            \"iter=1024,hash=sha512\",\n})\n// $pbkdf2$iter=1024,hash=sha512$fvGxGq7tHzPgTJ3lGvl6XQ$O19iePvAQtlZ7nC5f5cS4C76bur9qMLp6dlPdXFiFTc\n```\n\nThe `iter` is the iteration count for PBKDF.\n\nThe `hash` type could be one of the followings:\n\n* md5\n* sha1\n* sha224\n* sha256\n* sha512\n* sha384\n* sha512/224\n* sha512/256\n\n\n### HKDF\n\nHKDF should not be used for password storage.\n\n```go\nkdf, err := kdfcrypt.CreateKDF(\"hkdf\", \"hash=sha512,info=hkdf-test\")\nsalt, err := kdfcrypt.GenerateRandomSalt(16)\nkey, err := kdf.Derive(\"password\", salt, 32)\n```\n\nThe `hash` type is the same as PBKDF.\nThe `info` is optional.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fxianghuzhao%2Fkdfcrypt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fxianghuzhao%2Fkdfcrypt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fxianghuzhao%2Fkdfcrypt/lists"}