https://github.com/zntrio/butcher
Butcher for progressive password storage
golang golang-library hash hash-algorithm password-store
- Host: GitHub
- URL: https://github.com/zntrio/butcher
- Owner: zntrio
- License: apache-2.0
- Created: 2017-03-25T11:26:47.000Z (almost 9 years ago)
- Default Branch: main
- Last Pushed: 2023-12-18T23:23:14.000Z (about 2 years ago)
- Last Synced: 2024-10-24T12:19:08.174Z (about 1 year ago)
- Topics: golang, golang-library, hash, hash-algorithm, password-store
- Language: Go
- Homepage:
- Size: 1.5 MB
- Stars: 5
- Watchers: 2
- Forks: 2
- Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# go-butcher
Butcher for progressive password hashing
Status: Production ready
Follows the [OWASP Password Storage](https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html) requirements.
Supported algorithms:
* Argon2id (default)
* Scrypt
* PBKDF2+SHA512
## Output samples
```sh
'hAETWCB5IAJc8618VI9POngh6g0+rkEbUj/7pxZaAKuxPoRfilhA5+q1E+wifRoxLpEX7acA48KMmD/7OPJb5cTjxGP91Hv9z3vEBNOb095WPBo5yLn1w9mPnkfgKSv6MWKJRG0mGg'
'hAMBWCBD/40V1xzT/Kt0/40y0aeg60eHOyJFROiHuWkMvBIehlhA5U1h9I9fMSASOAcz4JpEQHEhwJGUlg8WpvqRnSG5gjruaa7LvNa7bMEHi1Qk5aVfpsisJBMlfxO5UaoLe1BC+A'
'hAIBWCBosL5P+aF/j2PmrIcE8W1Gxq+I2tMic0ON4xz1ZJkgr1hAUhaZ/2tI02iwD1H2DqTafepgdYfCHauWOzwkgTQsIcwvTTs1M8puQ5+UXl2cUA9f10EtjzM7vwaAHWU71Rrwhw'
```
## Advice
* Try to use a client-side hash function (Blake2b-512 / SHA3-512) before sending credentials to the server;
* Use a 32-byte or 64-byte salt (the actual size depends on the protection function);
* Encrypt these results in your database to add hash privacy;
* Store the pepper and the encryption key in an HSM or a software vault;
* For the paranoid (like me): implement perfect secrecy using NaCl box on top of HTTPS.
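
One way to apply the advice about encrypting stored hashes with a key kept outside the database, as an added example that is not code from butcher. It uses AES-256-GCM from Go's standard library; `newSealer`, `sealHash`, `openHash` and the `rowID` binding are assumptions of this example, and the hash string and key are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
)

// newSealer builds AES-GCM once at startup; a 32-byte key selects AES-256.
func newSealer(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealHash encrypts an encoded password hash before it is stored. rowID
// (hypothetical: the account's primary key) is bound as associated data,
// so a sealed value copied onto another account's row fails to open.
func sealHash(aead cipher.AEAD, encodedHash []byte, rowID string) (string, error) {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	// Stored layout: nonce || ciphertext || tag, base64 for a text column.
	sealed := aead.Seal(nonce, nonce, encodedHash, []byte(rowID))
	return base64.RawStdEncoding.EncodeToString(sealed), nil
}

// openHash reverses sealHash; it fails on a wrong key, a wrong row or tampering.
func openHash(aead cipher.AEAD, sealed, rowID string) ([]byte, error) {
	raw, err := base64.RawStdEncoding.DecodeString(sealed)
	if err != nil || len(raw) < aead.NonceSize() {
		return nil, errors.New("malformed sealed hash")
	}
	return aead.Open(nil, raw[:aead.NonceSize()], raw[aead.NonceSize():], []byte(rowID))
}

func main() {
	aead, _ := newSealer(make([]byte, 32)) // constructed all-zero demo key only
	sealed, _ := sealHash(aead, []byte("constructed-encoded-hash"), "user-42")
	plain, err := openHash(aead, sealed, "user-42")
	fmt.Printf("%s %v\n", plain, err)
}
```

The opened value is what gets passed to the password verifier; a database dump alone then yields only ciphertext.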