Hashing algorithms simplified (supports Argon2, Bcrypt, Scrypt, PBKDF2, Chacha20poly1305 and more in the future)

PHC Crypto

GitHub release (latest SemVer including pre-releases) Go Reference Go Report Card GitHub codecov CodeFactor Codacy Badge Build test Build test

Inspired by Upash, also implementing PHC string format

Usage

Currently there are two options of using this package:

  1. Import all
  2. Import specific hash function

Bear in mind, these usage function might changed in the near future.

Currently supported formats

  • Bcrypt
  • Argon2i & Argon2id
  • PBKDF2
  • Scrypt
  • Chacha20poly1305

For details regarding configs, please refer to their own folders (linked).

Option 1 - Import all

$ go get github.com/aldy505/phc-crypto
import (
  "fmt"
  "github.com/aldy505/phc-crypto"
)

func main() {
  // Create a crypto instance
  // Change the scope name to your prefered hashing algorithm
  // Available options are: bcrypt, scrypt, argon2, pbkdf2, chacha20poly1305
  crypto, err := phccrypto.Use("scrypt", phccrypto.Config{})
  
  hash, err := crypto.Hash("password123")
  if err != nil {
    fmt.Println(err)
  }
  fmt.Println(hash) // returns string ($scrypt$v=0$p=1,ln=32768,r=8$402ffb0b23cd3d3a$62daeae2ac...)

  verify, err := crypto.Verify(hash, "password123")
  if err != nil {
    fmt.Println(err)
  }
  fmt.Println(verify) // returns boolean (true/false)
}

Option 2 - Import specific hash function

# You can pick only one of them
$ go get github.com/aldy505/phc-crypto/bcrypt
$ go get github.com/aldy505/phc-crypto/pbkdf2
$ go get github.com/aldy505/phc-crypto/scrypt
import "github.com/aldy505/phc-crypto/scrypt"

func main() {
  // Change the scope name to your prefered hashing algorithm
  hash, err := scrypt.Hash("password123", scrypt.Config{})
  if err != nil {
    fmt.Println(err)
  }
  fmt.Println(hash) // returns string ($scrypt$v=0$p=1,ln=32768,r=8$402ffb0b23cd3d3a$62daeae2ac...)

  verify, err := scrypt.Verify(hash, "password123")
  if err != nil {
    fmt.Println(err)
  }
  fmt.Println(verify) // returns boolean (true/false)
}

Contribute

Yes please! I'm still new to Go and I create this module (or package if you will) to help me fulfill a need on my project. Feel free to refactor, add new feature, fix unknown bugs, and have fun!

LICENSE

MIT License

Copyright (c) 2021-present Reinaldy Rafli and PHC Crypto collaborators

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Owner
Reinaldy Rafli
Trust me when I say I'm not a programmer.
Reinaldy Rafli
https://github.com/aldy505/phc-crypto
Similar Resources

DockerSlim (docker-slim): Don't change anything in your Docker container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)

DockerSlim (docker-slim): Don't change anything in your Docker container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)

Minify and Secure Docker containers (free and open source!) Don't change anything in your Docker container image and minify it by up to 30x making it

Dec 27, 2022

An authorization library that supports access control models like ACL, RBAC, ABAC in Golang

An authorization library that supports access control models like ACL, RBAC, ABAC in Golang

Casbin News: still worry about how to write the correct Casbin policy? Casbin online editor is coming to help! Try it at: https://casbin.org/editor/ C

Jan 6, 2023

A fully self-contained Nmap like parallel port scanning module in pure Golang that supports SYN-ACK (Silent Scans)

gomap What is gomap? Gomap is a fully self-contained nmap like module for Golang. Unlike other projects which provide nmap C bindings or rely on other

Dec 10, 2022

ARP spoofing tool based on go language, supports LAN host scanning, ARP poisoning, man-in-the-middle attack, sensitive information sniffing, HTTP packet sniffing

ARP spoofing tool based on go language, supports LAN host scanning, ARP poisoning, man-in-the-middle attack, sensitive information sniffing, HTTP packet sniffing

[ARP Spoofing] [Usage] Commands: clear clear the screen cut 通过ARP欺骗切断局域网内某台主机的网络 exit exit the program help display help hosts 主机管理功能 loot 查看嗅探到的敏感信息

Dec 30, 2022

Build awesome Golang desktop apps and beautiful interfaces with Vue.js, React.js, Framework 7, and more...

Build awesome Golang desktop apps and beautiful interfaces with Vue.js, React.js, Framework 7, and more...

Guark Guark allows you to build beautiful user interfaces using modern web technologies such as Vue.js, React.js..., while your app logic handled and

Jan 1, 2023

Take a list of domains and scan for endpoints, secrets, api keys, file extensions, tokens and more...

Take a list of domains and scan for endpoints, secrets, api keys, file extensions, tokens and more...

Take a list of domains and scan for endpoints, secrets, api keys, file extensions, tokens and more... Coded with 💙 by edoardottt. Share on Twitter! P

Dec 25, 2022

The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!

The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!

Axiom is a dynamic infrastructure framework to efficiently work with multi-cloud environments, build and deploy repeatable infrastructure focussed on

Dec 30, 2022

EarlyBird is a sensitive data detection tool capable of scanning source code repositories for clear text password violations, PII, outdated cryptography methods, key files and more.

EarlyBird is a sensitive data detection tool capable of scanning source code repositories for clear text password violations, PII, outdated cryptography methods, key files and more.

EarlyBird is a sensitive data detection tool capable of scanning source code repositories for clear text password violations, PII, outdated cryptograp

Dec 10, 2022

Analyse binaries for missing security features, information disclosure and more.

Analyse binaries for missing security features, information disclosure and more.

extrude Analyse binaries for missing security features, information disclosure and more. 🚧 Extrude is in the early stages of development, and current

Dec 16, 2022
Comments
  • Chore/update

    Chore/update

    What kind of change does this PR introduce? (check at least one)

    • [x] Bugfix
    • [ ] Feature
    • [x] Code style update
    • [x] Refactor
    • [x] Build-related changes
    • [ ] Other, please describe:

    Does this PR introduce a breaking change? (check one)

    • [ ] Yes
    • [x] No

    If yes, please describe the impact and migration path for existing applications:

    The PR fulfills these requirements:

    • [ ] When resolving a specific issue, it's referenced in the PR's title (e.g. fix #xxx[,#xxx], where "xxx" is the issue number)
    • [x] All tests are passing
    • [x] New/updated tests are included

    If adding a new feature, the PR's description includes:

    • [ ] A convincing reason for adding this feature (to avoid wasting your time, it's best to open a suggestion issue first and wait for approval before working on it)

    Other information:

  • not return an error to the caller

    not return an error to the caller

    I think, we should always return an error to the caller

    What is the reason to not return it in this code ?

    decodedHash, err := hex.DecodeString(deserialize.Hash)
if err != nil {
    return false, nil
}

    refer to: https://github.com/aldy505/phc-crypto/blob/83ad78b3d95edad3e5df9dfc40acdb0d19a4da5b/bcrypt/bcrypt.go#L43

Related tags
Security go golang cryptography crypto scrypt argon2 hash pbkdf2 bcrypt phc
A light package for generating and comparing password hashing with argon2 in Go

argon2-hashing argon2-hashing provides a light wrapper around Go's argon2 package. Argon2 was the winner of the Password Hashing Competition that make

Sep 27, 2022
Argon2 password hashing package for go with constant time hash comparison

argon2pw Argon2 password hashing package with constant time hash comparison Preface: Argon2 was selected as the winner of the Password Hashing Competi

Sep 27, 2022
Argon2 password hashing for Golang

Argon2 This is simple pure Golang implementation for password hash using Argon2. Usage package main import ( "fmt" "github.com/prastuvwxyz/argon2"

Dec 6, 2021
A probably paranoid Golang utility library for securely hashing and encrypting passwords based on the Dropbox method. This implementation uses Blake2b, Scrypt and XSalsa20-Poly1305 (via NaCl SecretBox) to create secure password hashes that are also encrypted using a master passphrase.

goSecretBoxPassword This is a Golang library for securing passwords it is based on the Dropbox method for password storage. The both passphrases are f

Jan 3, 2023
A convenience library for generating, comparing and inspecting password hashes using the scrypt KDF in Go 🔑

simple-scrypt simple-scrypt provides a convenience wrapper around Go's existing scrypt package that makes it easier to securely derive strong keys ("h

Dec 22, 2022
ID hashing and Obfuscation using Knuth's Algorithm

ID Obfuscation/Hashing Transformer for Go There are many times when you want to generate obfuscated ids. This package utilizes Knuth's Hashing Algorit

Nov 22, 2022
Consistent hashing hashring implementation.

hashring Consistent hashing hashring implementation. Overview This is an implementation of the consistent hashing hashring data structure. In general,

Nov 11, 2022
An API for hashing password in PostgreSQL with Golang

hashing-password An API for hashing password in PostgreSQL with Golang Using PostgreSQL to store Encrypted string (can be passwords ideally) using Sal

Sep 1, 2022
Database security suite. Database proxy with field-level encryption, search through encrypted data, SQL injections prevention, intrusion detection, honeypots. Supports client-side and proxy-side ("transparent") encryption. SQL, NoSQL.
 Database security suite. Database proxy with field-level encryption, search through encrypted data, SQL injections prevention, intrusion detection, honeypots. Supports client-side and proxy-side (

Database protection suite with field level encryption and intrusion detection. | Acra Engineering Examples | Documentation | Installation | Examples a

Dec 28, 2022
The most complete TigoPesa API Wrapper written in golang with zero external dependencies. Supports Push Pay, C2B and B2C.

tigopesa tigopesa is open source fully compliant tigo pesa client written in golang contents usage example projects links contributors sponsors usage

Jan 9, 2022