password

package
v1.1.6 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 13, 2026 License: GPL-3.0 Imports: 11 Imported by: 0

Documentation

Overview

Package password provides password hashing helpers with safe defaults.

Index

Constants

View Source 
const (
	BcryptInteractiveCost = 10
	BcryptBalancedCost    = 12
	BcryptHighCost        = 14
)

BcryptInteractiveCost is the low-latency bcrypt cost. BcryptBalancedCost is the general-purpose bcrypt cost. BcryptHighCost is the high-security bcrypt cost.

Variables

View Source 
var (
	// ErrInvalidParams indicates that the provided password parameters are invalid.
	ErrInvalidParams = ewrap.New("invalid password parameters")
	// ErrInvalidHash indicates that the provided password hash is invalid.
	ErrInvalidHash = ewrap.New("invalid password hash")
	// ErrPasswordTooLong indicates that the provided password is too long.
	ErrPasswordTooLong = ewrap.New("password is too long")
)

Functions

func ConstantTimeCompare 

func ConstantTimeCompare(a, b []byte) bool

ConstantTimeCompare compares two byte slices in constant time.

Types

type Argon2idHasher 

type Argon2idHasher struct {
	// contains filtered or unexported fields
}

Argon2idHasher hashes passwords using argon2id.

func NewArgon2id 

func NewArgon2id(params Argon2idParams) (*Argon2idHasher, error)

NewArgon2id constructs a hasher with custom parameters.

func (*Argon2idHasher) Hash 

func (h *Argon2idHasher) Hash(password []byte) (string, error)

Hash hashes a password using argon2id and returns a PHC string.

func (*Argon2idHasher) Verify 

func (h *Argon2idHasher) Verify(password []byte, encoded string) (ok, needsRehash bool, err error)

Verify checks a password against an encoded hash and reports if it needs rehash.

type Argon2idParams 

type Argon2idParams struct {
	Memory     uint32
	Time       uint32
	Threads    uint8
	SaltLength uint32
	KeyLength  uint32
}

Argon2idParams defines parameters for argon2id hashing.

func Argon2idBalanced 

func Argon2idBalanced() Argon2idParams

Argon2idBalanced returns balanced parameters for general use.

func Argon2idHighSecurity 

func Argon2idHighSecurity() Argon2idParams

Argon2idHighSecurity returns parameters for high-security environments.

func Argon2idInteractive 

func Argon2idInteractive() Argon2idParams

Argon2idInteractive returns parameters suitable for latency-sensitive flows.

type BcryptHasher 

type BcryptHasher struct {
	// contains filtered or unexported fields
}

BcryptHasher hashes passwords using bcrypt.

func NewBcrypt 

func NewBcrypt(cost int) (*BcryptHasher, error)

NewBcrypt constructs a bcrypt hasher with the given cost.

func (*BcryptHasher) Hash 

func (h *BcryptHasher) Hash(password []byte) (string, error)

Hash hashes a password using bcrypt.

func (*BcryptHasher) Verify 

func (h *BcryptHasher) Verify(password []byte, encoded string) (ok, needsRehash bool, err error)

Verify checks a password against a bcrypt hash and reports if it needs rehash.

type Hasher 

type Hasher interface {
	Hash(password []byte) (string, error)
	// Verify checks whether password matches the encoded hash.
	// It returns:
	//   - bool: true if the password matches the encoded hash.
	//   - bool: true if the hash should be rehashed with updated parameters.
	Verify(password []byte, encoded string) (bool, bool, error)
}

Hasher defines a password hashing interface with upgrade detection.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.