Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details

All Projects → dchest → Passwordhash

dchest / Passwordhash

Licence: mit

Go package for safe password hashing and comparison. (THIS PACKAGE IS DEPRECATED! USE bcrypt OR scrypt FROM go.crypto)

Programming Languages

31211 projects - #10 most used programming language

WARNING

This package is deprecated! Do not use for new projects.

Instead of it, use scrypt or bcrypt from the official go.crypto repository:

Drawbacks of this package are:

Deriving 64-byte output from HMAC-SHA256-PBKDF2 allows for 2x speedup of attacks (PBKDF2 takes twice as long to derive 64 bytes, but attackers only need to derive 32 bytes to compare matches).
Default number of iterations (5000) is too low for most uses.
Currenly Go's SHA256 implementation is too slow.

If you use this package, but do not use full 64-byte output for any purposes other than what this package provides, please switch import to:

import "github.com/dchest/passwordhash/fixed/passwordhash"

The "fixed" version uses only the first 32 bytes of hash for comparison to avoid the speedup attack, and the default number of iterations is increased to 100000.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].

Stars: ✭ 9

Visit Git Page 🔗Visit User Page 🔗Visit Issues Page (0) 🔗