Hashing algorithms simplified (supports Argon2, Bcrypt, Scrypt, PBKDF2, Chacha20poly1305 and more in the future)

Overview

PHC Crypto

GitHub release (latest SemVer including pre-releases) Go Reference Go Report Card GitHub codecov CodeFactor Codacy Badge Build test Build test

Inspired by Upash, also implementing PHC string format

Usage

Currently there are two options of using this package:

  1. Import all
  2. Import specific hash function

Bear in mind, these usage function might changed in the near future.

Currently supported formats

  • Bcrypt
  • Argon2i & Argon2id
  • PBKDF2
  • Scrypt
  • Chacha20poly1305

For details regarding configs, please refer to their own folders (linked).

Option 1 - Import all

$ go get github.com/aldy505/phc-crypto
import (
  "fmt"
  "github.com/aldy505/phc-crypto"
)

func main() {
  // Create a crypto instance
  // Change the scope name to your prefered hashing algorithm
  // Available options are: bcrypt, scrypt, argon2, pbkdf2, chacha20poly1305
  crypto, err := phccrypto.Use("scrypt", phccrypto.Config{})
  
  hash, err := crypto.Hash("password123")
  if err != nil {
    fmt.Println(err)
  }
  fmt.Println(hash) // returns string ($scrypt$v=0$p=1,ln=32768,r=8$402ffb0b23cd3d3a$62daeae2ac...)

  verify, err := crypto.Verify(hash, "password123")
  if err != nil {
    fmt.Println(err)
  }
  fmt.Println(verify) // returns boolean (true/false)
}

Option 2 - Import specific hash function

# You can pick only one of them
$ go get github.com/aldy505/phc-crypto/bcrypt
$ go get github.com/aldy505/phc-crypto/pbkdf2
$ go get github.com/aldy505/phc-crypto/scrypt
import "github.com/aldy505/phc-crypto/scrypt"

func main() {
  // Change the scope name to your prefered hashing algorithm
  hash, err := scrypt.Hash("password123", scrypt.Config{})
  if err != nil {
    fmt.Println(err)
  }
  fmt.Println(hash) // returns string ($scrypt$v=0$p=1,ln=32768,r=8$402ffb0b23cd3d3a$62daeae2ac...)

  verify, err := scrypt.Verify(hash, "password123")
  if err != nil {
    fmt.Println(err)
  }
  fmt.Println(verify) // returns boolean (true/false)
}

Contribute

Yes please! I'm still new to Go and I create this module (or package if you will) to help me fulfill a need on my project. Feel free to refactor, add new feature, fix unknown bugs, and have fun!

LICENSE

MIT License

Copyright (c) 2021-present Reinaldy Rafli and PHC Crypto collaborators

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

You might also like...
The most complete TigoPesa API Wrapper written in golang with zero external dependencies. Supports Push Pay, C2B and B2C.

tigopesa tigopesa is open source fully compliant tigo pesa client written in golang contents usage example projects links contributors sponsors usage

Build awesome Golang desktop apps and beautiful interfaces with Vue.js, React.js, Framework 7, and more...
Build awesome Golang desktop apps and beautiful interfaces with Vue.js, React.js, Framework 7, and more...

Guark Guark allows you to build beautiful user interfaces using modern web technologies such as Vue.js, React.js..., while your app logic handled and

Take a list of domains and scan for endpoints, secrets, api keys, file extensions, tokens and more...
Take a list of domains and scan for endpoints, secrets, api keys, file extensions, tokens and more...

Take a list of domains and scan for endpoints, secrets, api keys, file extensions, tokens and more... Coded with 💙 by edoardottt. Share on Twitter! P

An authorization library that supports access control models like ACL, RBAC, ABAC in Golang
An authorization library that supports access control models like ACL, RBAC, ABAC in Golang

Casbin News: still worry about how to write the correct Casbin policy? Casbin online editor is coming to help! Try it at: https://casbin.org/editor/ C

A fully self-contained Nmap like parallel port scanning module in pure Golang that supports SYN-ACK (Silent Scans)

gomap What is gomap? Gomap is a fully self-contained nmap like module for Golang. Unlike other projects which provide nmap C bindings or rely on other

ARP spoofing tool based on go language, supports LAN host scanning, ARP poisoning, man-in-the-middle attack, sensitive information sniffing, HTTP packet sniffing
ARP spoofing tool based on go language, supports LAN host scanning, ARP poisoning, man-in-the-middle attack, sensitive information sniffing, HTTP packet sniffing

[ARP Spoofing] [Usage] Commands: clear clear the screen cut 通过ARP欺骗切断局域网内某台主机的网络 exit exit the program help display help hosts 主机管理功能 loot 查看嗅探到的敏感信息

The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!
The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!

Axiom is a dynamic infrastructure framework to efficiently work with multi-cloud environments, build and deploy repeatable infrastructure focussed on

EarlyBird is a sensitive data detection tool capable of scanning source code repositories for clear text password violations, PII, outdated cryptography methods, key files and more.
EarlyBird is a sensitive data detection tool capable of scanning source code repositories for clear text password violations, PII, outdated cryptography methods, key files and more.

EarlyBird is a sensitive data detection tool capable of scanning source code repositories for clear text password violations, PII, outdated cryptograp

Analyse binaries for missing security features, information disclosure and more.
Analyse binaries for missing security features, information disclosure and more.

extrude Analyse binaries for missing security features, information disclosure and more. 🚧 Extrude is in the early stages of development, and current

Comments
  • Chore/update

    Chore/update

    What kind of change does this PR introduce? (check at least one)

    • [x] Bugfix
    • [ ] Feature
    • [x] Code style update
    • [x] Refactor
    • [x] Build-related changes
    • [ ] Other, please describe:

    Does this PR introduce a breaking change? (check one)

    • [ ] Yes
    • [x] No

    If yes, please describe the impact and migration path for existing applications:

    The PR fulfills these requirements:

    • [ ] When resolving a specific issue, it's referenced in the PR's title (e.g. fix #xxx[,#xxx], where "xxx" is the issue number)
    • [x] All tests are passing
    • [x] New/updated tests are included

    If adding a new feature, the PR's description includes:

    • [ ] A convincing reason for adding this feature (to avoid wasting your time, it's best to open a suggestion issue first and wait for approval before working on it)

    Other information:

    opened by aldy505 1
  • not return an error to the caller

    not return an error to the caller

    I think, we should always return an error to the caller

    What is the reason to not return it in this code ?

    decodedHash, err := hex.DecodeString(deserialize.Hash)
    if err != nil {
        return false, nil
    }
    

    refer to: https://github.com/aldy505/phc-crypto/blob/83ad78b3d95edad3e5df9dfc40acdb0d19a4da5b/bcrypt/bcrypt.go#L43

    opened by fahmifan 1
Releases(v1.1.0)
  • v1.1.0(Jul 1, 2021)

    Breaking Change

    • Chacha20poly1305 is no longer supported.

    Git Log

    762d45d (HEAD -> master, origin/master) feat: salt length option e9e1127 docs: updated documentation to match enum changes 6c7bd51 refactor: removed chacha20; refactor options to enum; 9d31741 refactor: redundant if-else statements a2c559d test: aiming for 100% coverage bb81927 docs: updated github report 4ca6467 ci: fixes codecov reporting

    Source code(tar.gz)
    Source code(zip)
  • v1.0.1(Jun 1, 2021)

  • v1.0.0(May 28, 2021)

    83ad78b (HEAD -> master, origin/master) docs: added documentation for each subpackage 954381d docs: updated usage guide 10068d1 feat(chacha20poly1305): working functionality 8bf58a1 feat(pbkdf2): added verify function 5837d07 feat(argon2): argon2 support 9e4ba80 docs: added another example 1e7ae19 test: added verify test d99ce74 feat(core): added some verify logic 2c500bc style: codacy formatting 479b6d5 feat(core): added centralized cryptographic usage f42710a docs: updated readme d03e568 feat(core): added chacha20poly1305 d113eb3 feat(*): initial commit

    Source code(tar.gz)
    Source code(zip)
Owner
Reinaldy Rafli
Trust me when I say I'm not a programmer.
Reinaldy Rafli
A light package for generating and comparing password hashing with argon2 in Go

argon2-hashing argon2-hashing provides a light wrapper around Go's argon2 package. Argon2 was the winner of the Password Hashing Competition that make

Andrey Skurlatov 19 Sep 27, 2022
Argon2 password hashing package for go with constant time hash comparison

argon2pw Argon2 password hashing package with constant time hash comparison Preface: Argon2 was selected as the winner of the Password Hashing Competi

Raja Bhatia 89 Sep 27, 2022
Argon2 password hashing for Golang

Argon2 This is simple pure Golang implementation for password hash using Argon2. Usage package main import ( "fmt" "github.com/prastuvwxyz/argon2"

Dwi Agung Prastya 2 Dec 6, 2021
A convenience library for generating, comparing and inspecting password hashes using the scrypt KDF in Go 🔑

simple-scrypt simple-scrypt provides a convenience wrapper around Go's existing scrypt package that makes it easier to securely derive strong keys ("h

Matt Silverlock 183 Dec 22, 2022
ID hashing and Obfuscation using Knuth's Algorithm

ID Obfuscation/Hashing Transformer for Go There are many times when you want to generate obfuscated ids. This package utilizes Knuth's Hashing Algorit

pj 325 Nov 22, 2022
Consistent hashing hashring implementation.

hashring Consistent hashing hashring implementation. Overview This is an implementation of the consistent hashing hashring data structure. In general,

Sergey Kamardin 30 Nov 11, 2022
An API for hashing password in PostgreSQL with Golang

hashing-password An API for hashing password in PostgreSQL with Golang Using PostgreSQL to store Encrypted string (can be passwords ideally) using Sal

Aly Ragab 4 Sep 1, 2022
DockerSlim (docker-slim): Don't change anything in your Docker container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)

Minify and Secure Docker containers (free and open source!) Don't change anything in your Docker container image and minify it by up to 30x making it

docker-slim 15.7k Dec 27, 2022
Cossack Labs 1.1k Dec 28, 2022