Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/raja/argon2pw
Argon2 password hashing package for go with constant time hash comparison
https://github.com/raja/argon2pw
argon2 cryptography go golang passwords
Last synced: about 2 months ago
JSON representation
Argon2 password hashing package for go with constant time hash comparison
- Host: GitHub
- URL: https://github.com/raja/argon2pw
- Owner: raja
- License: gpl-3.0
- Created: 2018-03-13T13:56:36.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2021-09-10T18:37:55.000Z (almost 3 years ago)
- Last Synced: 2024-01-31T05:50:23.194Z (5 months ago)
- Topics: argon2, cryptography, go, golang, passwords
- Language: Go
- Homepage:
- Size: 22.5 KB
- Stars: 90
- Watchers: 4
- Forks: 9
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Lists
- awesome-go - argon2pw - Argon2 password hash generation with constant-time password comparison. (Security / HTTP Clients)
- awesome-go - argon2pw - Argon2 password hash generation with constant-time password comparison. (Security / HTTP Clients)
- awesome-go-extra - argon2pw - 03-13T13:56:36Z|2021-09-10T18:37:55Z| (Security / HTTP Clients)
- awesome-go-cn - argon2pw
- awesome-go-zh - argon2pw
- awesome-go - argon2pw - Argon2 password hash generation with constant-time password comparison. (Security / HTTP Clients)
- awesome-go-cn - argon2pw
- awesome-go - argon2pw - Argon2 password hash generation with constant-time password comparison. (Security / HTTP Clients)
- awesome-go-projects - argon2pw - Argon2 password hash generation with constant-time password comparison. (Security / HTTP Clients)
- awesome-go - argon2pw - time password comparison. | 72 | 6 | 0 | (Security / HTTP Clients)
- awesome-go - argon2pw - Argon2 password hash generation with constant-time password comparison. (Security / HTTP Clients)
- awesome-go-with-framework - argon2pw - Argon2 password hash generation with constant-time password comparison. (Security / HTTP Clients)
- awesome-go - argon2pw - Argon2 password hash generation with constant-time password comparison. (Security / HTTP Clients)
- zero-alloc-awesome-go - argon2pw - Argon2 password hash generation with constant-time password comparison. (Security / HTTP Clients)
- awesome-go-cn - argon2pw
- awesome-go-stars - argon2pw - Argon2 password hash generation with constant-time password comparison. (Security / HTTP Clients)
- awesome-go - argon2pw - Argon2 password hash generation with constant-time password comparison. (Security / HTTP Clients)
- awesome-go-cn - argon2pw
- awesome-go-with-stars - argon2pw - Argon2 password hash generation with constant-time password comparison. (Security / HTTP Clients)
- awesome-go - argon2pw - Argon2 password hash generation with constant-time password comparison. (Security / HTTP Clients)
- repo-1316-awesome-go-cn - argon2pw
- repo-1211-awesome-go-cn - argon2pw
- awesome-Char - argon2pw - Argon2 password hash generation with constant-time password comparison. (Security / HTTP Clients)
- awesome-reader - argon2pw - Argon2 password hash generation with constant-time password comparison. (Security / HTTP Clients)
- awesome-go - argon2pw - Argon2 password hash generation with constant-time password comparison. (Security / HTTP Clients)
- Go-awesome - argon2pw - Argon2 password hash generation with constant-time password comparison. (Security / HTTP Clients)
- awesome-go-cn - argon2pw - time password comparison.) (安全 / Advanced Console UIs)
- go-awesome-cn-star - argon2pw
- awesome-go-handwritten - argon2pw - Argon2 password hash generation with constant-time password comparison. (Security / HTTP Clients)
- awesome-go2 - argon2pw - Argon2 password hash generation with constant-time password comparison. (Security / Advanced Console UIs)
- awesome-go - argon2pw - Argon2 password hash generation with constant-time password comparison. (Security / HTTP Clients)
- awesome-go - argon2pw - Argon2 password hash generation with constant-time password comparison. - :arrow_down:0 - :star:59 (Security / HTTP Clients)
- awesome-go - argon2pw - Argon2 password hash generation with constant-time password comparison. (Security / HTTP Clients)
- awesome-go - argon2pw - Argon2 password hash generation with constant-time password comparison. (Security / HTTP Clients)
- awesome-go-zh - argon2pw
- awesome-go - argon2pw - Argon2 password hash generation with constant-time password comparison. (Security / HTTP Clients)
- awesome-go - argon2pw - Argon2 password hash generation with constant-time password comparison. (Security / HTTP Clients)
- awesome-go - argon2pw - Argon2 password hashing package for go with constant time hash comparison - ★ 63 (Security)
README
# argon2pw
[](https://godoc.org/github.com/raja/argon2pw)
[](https://travis-ci.org/raja/argon2pw)
[](https://goreportcard.com/report/github.com/raja/argon2pw)
Argon2 password hashing package with constant time hash comparison
**Preface:**
Argon2 was selected as the winner of the [Password Hashing Competition](https://password-hashing.net/). Argon2 is ideal for deriving cryptographic keys from passwords.
This package utilizes the Argon2i hashing algorithm that is the side-channel resistant version of Argon2. It uses data-independent memory access, which is preferred for password hashing and password-based key derivation. Argon2i requires more passes over memory than Argon2id to protect from trade-off attacks.
The generated salted hash is ideal for persistent storage in a single column as a string and is future proof if time or memory parameters for argon2i change.
Additionally, argon2pw includes a function for password comparison in constant time to prevent [timing attack](https://en.wikipedia.org/wiki/Timing_attack) vectors.
**Usage:**
```go
package main
import "github.com/raja/argon2pw"
func main() {
// Generate a hashed password
testPassword := `testPassword$x1w432b7^`
hashedPassword, err := argon2pw.GenerateSaltedHash(testPassword)
if err != nil {
log.Panicf("Hash generated returned error: %v", err)
}
// Test correct password in constant time
valid, err := argon2pw.CompareHashWithPassword(hashedPassword, testPassword)
log.Printf("The password validity is %t against the hash", valid)
// Test incorrect password in constant time
valid, err = argon2pw.CompareHashWithPassword(hashedPassword, "badPass")
log.Printf("The password validity is %t against the hash", valid)
}
```