README
¶
argon2
Package argon2 implements simple password hashing and verification using golang.org/x/crypto/argon2. It supports the Argon2id variant only and provides sensible and secure defaults for password hashing.
Documentation
¶
Overview ¶
Package argon2 implements simple password hashing and verification using golang.org/x/crypto/argon2. It supports the Argon2id variant only and provides sensible and secure defaults for password hashing.
A hash can be generated by calling Hash with a password, which returns a PHC-formatted string that can be stored in a database. Later, a password can be verified against the hash using Verify.
The default parameters are m=47104, t=1, and p=1 (which are recommended by the OWASP Password Storage Cheat Sheet), using a 16-byte salt and 32-byte key. For other use cases, one can customize the parameters by using NewHash to create an Argon2 instance with the desired parameters.
Index ¶
- Variables
- func Hash(password []byte) []byte
- func HashString(password string) string
- func New() argon2id
- func NewHash(time, memory uint32, threads uint8, saltLen, keyLen uint32) argon2id
- func Parse(hash []byte) (h argon2id, salt []byte, key []byte, err error)
- func Verify(hash, password []byte) bool
- func VerifyString(hash, password string) bool
Examples ¶
Constants ¶
This section is empty.
Variables ¶
var ( ErrInvalidHash = errors.New("invalid hash format or parameters") ErrInvalidType = errors.New("invalid hash type (only argon2id is supported)") )
Functions ¶
func Hash ¶
Hash generates a hash for the given password using the default parameters and returns a PHC-formatted string representing the hash.
Example ¶
package main
import (
"fmt"
"github.com/calico32/argon2"
)
func main() {
hash := argon2.Hash([]byte("examplepassword"))
// save hash to database or use it as needed
// later:
// get password from user to verify
password := []byte("examplepassword")
if !argon2.Verify(hash, password) {
// verification failed
fmt.Println("Incorrect username or password")
return
}
// verification succeeded
fmt.Println("Welcome back!")
}
func HashString ¶ added in v1.1.0
HashString generates a hash for the given password using the default parameters and returns a PHC-formatted string representing the hash. It is equivalent to:
string(argon2.Hash([]byte(password)))
func New ¶
func New() argon2id
New creates a new Argon2 instance with default parameters, suitable for hashing passwords.
The default parameters are:
- time: 1
- memory: 47104 (46 MiB)
- parallelism: 1
- salt length: 16 bytes
- key length: 32 bytes
func NewHash ¶
NewHash creates a new Argon2 instance with the specified parameters. Consult the OWASP Password Storage Cheat Sheet when choosing parameters if unsure.
Consider using the default parameters (via New or Hash) for password hashing.
func Parse ¶
Parse parses the PHC-formatted argon2id hash and returns its parameters, salt, and key.
func Verify ¶
Verify verifies the given password against the PHC-formatted argon2id hash. It returns true if the password matches the hash and false if the hash is invalid or the password does not match.
func VerifyString ¶ added in v1.1.0
VerifyString verifies the given password against the PHC-formatted argon2id hash. It returns true if the password matches the hash and false if the hash is invalid or the password does not match. It is equivalent to:
Verify([]byte(hash), []byte(password))
Types ¶
This section is empty.
Source Files