Package crypt implements a basic interface to validate crypt(3) hashes.
Validation of any particular hash requires the prior registration of a check function. Registration is typically automatic as a side effect of initializing that hash's package so that, to validate an Argon2 has, it suffices to have
import _ "github.com/sergeymakinen/go-crypt/argon2"
in a program's main package. The _ means to import a package purely for its initialization side effects.
It's also possible to implement a custom hash marshaling/unmarshaling via the hash package.
Supported schemes:
- DES:
<value>(<value>)*
- DES Extended (BSDi):
_<value>(<value>)*
- MCF/PHC:
$<id>$fragment($<fragment>)*
Where:<fragment>
is(<group>|<param>=<value>|<value>)
<group>
is<param>=<value>,<param>=<value>(,<param>=<value>)*
Example:
var scheme = struct {
HashPrefix string
Cost string `hash:"length:2"`
Salt []byte `hash:"length:22,inline"`
Sum [31]byte
}
hash.Unmarshal("$2b$10$UVjcf7m8L91VOpIRwEprguF4o9Inqj7aNhqvSzUElX4GWGyIkYLuG", &scheme)
Use go get:
go get github.com/sergeymakinen/go-crypt
Then import the package into your own code:
import "github.com/sergeymakinen/go-crypt"
package main
import (
"fmt"
"github.com/sergeymakinen/go-crypt"
_ "github.com/sergeymakinen/go-crypt/argon2"
_ "github.com/sergeymakinen/go-crypt/bcrypt"
)
var hashes = []string{
"$argon2id$v=19$m=512,t=3,p=1$qXMlAYBABLl$/OuG+qcZ1ntdTRfhUGFVp2YMcTPJ7aH3e4j7KIEnRho", // Argon2
"$2b$12$mBhJFLLDJCBCcmMN4DLyrOV.LLSl/mdwGfzwsqvIL0OQN5yXzRihO", // bcrypt
"$unknown$foo", // Not registered
}
var passwords = []string{
"password",
"test",
}
func main() {
for _, hash := range hashes {
for _, password := range passwords {
fmt.Printf("%q with %q: %v\n", hash, password, crypt.Check(hash, password))
}
}
// Output:
// "$argon2id$v=19$m=512,t=3,p=1$qXMlAYBABLl$/OuG+qcZ1ntdTRfhUGFVp2YMcTPJ7aH3e4j7KIEnRho" with "password": <nil>
// "$argon2id$v=19$m=512,t=3,p=1$qXMlAYBABLl$/OuG+qcZ1ntdTRfhUGFVp2YMcTPJ7aH3e4j7KIEnRho" with "test": hash and password mismatch
// "$2b$12$mBhJFLLDJCBCcmMN4DLyrOV.LLSl/mdwGfzwsqvIL0OQN5yXzRihO" with "password": <nil>
// "$2b$12$mBhJFLLDJCBCcmMN4DLyrOV.LLSl/mdwGfzwsqvIL0OQN5yXzRihO" with "test": hash and password mismatch
// "$unknown$foo" with "password": unknown hash
// "$unknown$foo" with "test": unknown hash
}
BSD 3-Clause