Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/raja/argon2pw

Argon2 password hashing package for go with constant time hash comparison
https://github.com/raja/argon2pw

argon2 cryptography go golang passwords

Last synced: about 2 months ago
JSON representation

Argon2 password hashing package for go with constant time hash comparison

Host: GitHub
URL: https://github.com/raja/argon2pw
Owner: raja
License: gpl-3.0
Created: 2018-03-13T13:56:36.000Z (almost 7 years ago)
Default Branch: master
Last Pushed: 2021-09-10T18:37:55.000Z (over 3 years ago)
Last Synced: 2024-07-31T20:52:50.064Z (4 months ago)
Topics: argon2, cryptography, go, golang, passwords
Language: Go
Homepage:
Size: 22.5 KB
Stars: 89
Watchers: 4
Forks: 9
Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-go - argon2pw - Argon2 password hash generation with constant-time password comparison. (Security / HTTP Clients)
zero-alloc-awesome-go - argon2pw - Argon2 password hash generation with constant-time password comparison. (Security / HTTP Clients)
awesome-go - argon2pw - Argon2 password hashing package for go with constant time hash comparison - ★ 63 (Security)
awesome-go-extra - argon2pw - 03-13T13:56:36Z|2021-09-10T18:37:55Z| (Security / HTTP Clients)
awesome-go-zh - argon2pw

README

        # argon2pw

[![GoDoc](https://godoc.org/github.com/raja/argon2pw?status.svg)](https://godoc.org/github.com/raja/argon2pw)

[![Build Status](https://travis-ci.org/raja/argon2pw.svg?branch=master)](https://travis-ci.org/raja/argon2pw)

[![Go Report Card](https://goreportcard.com/badge/github.com/raja/argon2pw)](https://goreportcard.com/report/github.com/raja/argon2pw)

Argon2 password hashing package with constant time hash comparison

**Preface:**

Argon2 was selected as the winner of the [Password Hashing Competition](https://password-hashing.net/). Argon2 is ideal for deriving cryptographic keys from passwords.

This package utilizes the Argon2i hashing algorithm that is the side-channel resistant version of Argon2. It uses data-independent memory access, which is preferred for password hashing and password-based key derivation. Argon2i requires more passes over memory than Argon2id to protect from trade-off attacks.

The generated salted hash is ideal for persistent storage in a single column as a string and is future proof if time or memory parameters for argon2i change.

Additionally, argon2pw includes a function for password comparison in constant time to prevent [timing attack](https://en.wikipedia.org/wiki/Timing_attack) vectors.

**Usage:**

```go

package main

import "github.com/raja/argon2pw"

 func main() {

	 // Generate a hashed password

	 testPassword := `testPassword$x1w432b7^`

	 hashedPassword, err := argon2pw.GenerateSaltedHash(testPassword)

	 if err != nil {

         log.Panicf("Hash generated returned error: %v", err)

	 }

	 // Test correct password in constant time

	 valid, err := argon2pw.CompareHashWithPassword(hashedPassword, testPassword)

	 log.Printf("The password validity is %t against the hash", valid)

	 // Test incorrect password in constant time

	 valid, err = argon2pw.CompareHashWithPassword(hashedPassword, "badPass")

	 log.Printf("The password validity is %t against the hash", valid)

 }

```