All hashing and crypto is done by Go library packages. This is only a utility package to make the process described easier.
goArgonPass is a Argon2 Password utility package for Go using the crypto library package Argon2. Argon2 was the winner of the most recent Password Hashing Competition and doesn't suffer from issues that Bcrypt has such as truncating input over 72 characters. This is designed for use anywhere password hashing and verification might be needed and is intended to replace implementations using bcrypt or Scrypt. The string input/output format was designed to be compatible with Passlib for Python and Argon2 PHP, and you should have full compatibility using the argon2i
function, but will not be able to use argon2id
, which is the default for this pacakge until those libraries are updated to support it. I encourage you to find the parameters that work best for your application, but the defaults are resonable for an interactive use such as a web application login.
The default Argon2 function is Argon2id
, which is a hybrid version of Argon2 combining Argon2i and Argon2d. Argon2id is side-channel resistant and provides better brute- force cost savings due to time-memory tradeoffs than Argon2i, but Argon2i is still plenty secure.
Argon2id variant with t=1 and maximum available memory is recommended as a default setting for all environments. This setting is secure against side-channel attacks and maximizes adversarial costs on dedicated bruteforce hardware.
go get github.com/dwin/goArgonPass
See example/example.go:
import (
"fmt"
"os"
argonpass "github.com/dwin/goArgonPass"
)
func main() {
// Obtain user password from form or other input
userPassInput := "password"
// Hash with Default Parameters
hash, err := argonpass.Hash(userPassInput, nil)
if err != nil {
// Handle Error
os.Exit(1)
}
fmt.Println("Hash Output: ", hash)
// Verify Hash
err = argonpass.Verify(userPassInput, hash)
if err != nil {
fmt.Println("Hash verification error: ", err)
}
fmt.Println("Hash verified")
}
$ argon2id$v=19$m=65536,t=1,p=4$in2Oi1x57p0=$FopwSR12aLJ9OGPw1rKU5K5osAOGxOJzxC/shk+i850=
$ argon2{function(i/id)}$v={version}$m={memory},t={time},p={parallelism}${salt(base64)}${digest(base64)}
Set Custom Parameters by passing ArgonParams{} to Hash().
Parameter | Type | Default | Valid Range |
---|---|---|---|
Time | uint32 |
1 |
>= 1 |
Memory | uint32 |
65536 |
>= 1024 |
Parallelism | uint8 |
4 |
1-64 |
OutputSize | uint32 |
16 |
16-64 |
Function | ArgonVariant |
ArgonVariant2id |
ArgonVariant2id - ArgonVariant2i |
SaltSize | uint8 |
16 |
16-64 |
type ArgonParams struct {
Time uint32
Memory uint32
Parallelism uint8
OutputSize uint32
Function ArgonVariant
SaltSize uint8
}