elithrar / Simple Scrypt
Licence: mit
A convenience library for generating, comparing and inspecting password hashes using the scrypt KDF in Go π
Stars: β 168
Programming Languages
go
31211 projects - #10 most used programming language
Projects that are alternatives of or similar to Simple Scrypt
Password4j
Password4j is a user-friendly cryptographic library that supports Argon2, Bcrypt, Scrypt, PBKDF2 and various cryptographic hash functions.
Stars: β 124 (-26.19%)
Mutual labels: hash, password, scrypt
BruteForce
A simple brute forcer written in GO for SHA1, SHA256, SHA512, MD5 and bcrypt
Stars: β 49 (-70.83%)
Mutual labels: password, hash
hash-wasm
Lightning fast hash functions using hand-tuned WebAssembly binaries
Stars: β 382 (+127.38%)
Mutual labels: scrypt, hash
CryptoKnight
CryptoKnight is a general purpose cryptography desktop app
Stars: β 18 (-89.29%)
Mutual labels: scrypt, password
phc-crypto
Hashing algorithms simplified (supports Argon2, Bcrypt, Scrypt, and PBKDF2)
Stars: β 22 (-86.9%)
Mutual labels: scrypt, hash
Leaked
Leaked? 2.1 - A Checking tool for Hash codes, Passwords and Emails leaked
Stars: β 184 (+9.52%)
Mutual labels: hash, password
crypthash-net
CryptHash.NET is a .NET multi-target library to encrypt/decrypt/hash/encode/decode strings and files, with an optional .NET Core multiplatform console utility.
Stars: β 33 (-80.36%)
Mutual labels: password, hash
password-dart
A set of high-level APIs over PointyCastle and CryptoUtils to hash and verify passwords securely.
Stars: β 40 (-76.19%)
Mutual labels: password, hash
Scrypt
A .NET implementation of scrypt password hash algorithm.
Stars: β 90 (-46.43%)
Mutual labels: scrypt, hash
Hackers Tool Kit
Its a framework filled with alot of options and hacking tools you use directly in the script from brute forcing to payload making im still adding more stuff i now have another tool out called htkl-lite its hackers-tool-kit just not as big and messy to see updates check on my instagram @tuf_unkn0wn or if there are any problems message me on instagram
Stars: β 211 (+25.6%)
Mutual labels: hash, password
bookshelf-secure-password
A Bookshelf.js plugin for handling secure passwords
Stars: β 24 (-85.71%)
Mutual labels: password, hash
Dcipher Cli
πCrack hashes using online rainbow & lookup table attack services, right from your terminal.
Stars: β 193 (+14.88%)
Mutual labels: hash, password
noble-hashes
Audited & minimal JS implementation of SHA2, SHA3, RIPEMD, BLAKE2/3, HMAC, HKDF, PBKDF2 & Scrypt
Stars: β 213 (+26.79%)
Mutual labels: scrypt, hash
Pick
A secure and easy-to-use CLI password manager for macOS and Linux
Stars: β 359 (+113.69%)
Mutual labels: password, scrypt
John
John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs
Stars: β 5,656 (+3266.67%)
Mutual labels: hash, password
Pytorch deephash
Pytorch implementation of Deep Learning of Binary Hash Codes for Fast Image Retrieval, CVPRW 2015
Stars: β 148 (-11.9%)
Mutual labels: hash
simple-scrypt
simple-scrypt provides a convenience wrapper around Go's existing scrypt package that makes it easier to securely derive strong keys ("hash user passwords"). This library allows you to:
- Generate a scrypt derived key with a crytographically secure salt and sane default parameters for N, r and p.
- Upgrade the parameters used to generate keys as hardware improves by storing them with the derived key (the scrypt spec. doesn't allow for this by default).
- Provide your own parameters (if you wish to).
The API closely mirrors Go's bcrypt library in an effort to make it easy to migrateβand because it's an easy to grok API.
Installation
With a working Go toolchain:
go get -u github.com/elithrar/simple-scrypt
Example
simple-scrypt doesn't try to re-invent the wheel or do anything "special". It
wraps the scrypt.Key function as thinly as possible, generates a
crytographically secure salt for you using Go's crypto/rand package, and
returns the derived key with the parameters prepended:
package main
import(
"fmt"
"log"
"github.com/elithrar/simple-scrypt"
)
func main() {
// e.g. r.PostFormValue("password")
passwordFromForm := "prew8fid9hick6c"
// Generates a derived key of the form "N$r$p$salt$dk" where N, r and p are defined as per
// Colin Percival's scrypt paper: http://www.tarsnap.com/scrypt/scrypt.pdf
// scrypt.Defaults (N=16384, r=8, p=1) makes it easy to provide these parameters, and
// (should you wish) provide your own values via the scrypt.Params type.
hash, err := scrypt.GenerateFromPassword([]byte(passwordFromForm), scrypt.DefaultParams)
if err != nil {
log.Fatal(err)
}
// Print the derived key with its parameters prepended.
fmt.Printf("%s\n", hash)
// Uses the parameters from the existing derived key. Return an error if they don't match.
err := scrypt.CompareHashAndPassword(hash, []byte(passwordFromForm))
if err != nil {
log.Fatal(err)
}
}
Upgrading Parameters
Upgrading derived keys from a set of parameters to a "stronger" set of parameters as hardware improves, or as you scale (and move your auth process to separate hardware), can be pretty useful. Here's how to do it with simple-scrypt:
func main() {
// SCENE: We've successfully authenticated a user, compared their submitted
// (cleartext) password against the derived key stored in our database, and
// now want to upgrade the parameters (more rounds, more parallelism) to
// reflect some shiny new hardware we just purchased. As the user is logging
// in, we can retrieve the parameters used to generate their key, and if
// they don't match our "new" parameters, we can re-generate the key while
// we still have the cleartext password in memory
// (e.g. before the HTTP request ends).
current, err := scrypt.Cost(hash)
if err != nil {
log.Fatal(err)
}
// Now to check them against our own Params struct (e.g. using reflect.DeepEquals)
// and determine whether we want to generate a new key with our "upgraded" parameters.
slower := scrypt.Params{
N: 32768,
R: 8,
P: 2,
SaltLen: 16,
DKLen: 32,
}
if !reflect.DeepEqual(current, slower) {
// Re-generate the key with the slower parameters
// here using scrypt.GenerateFromPassword
}
}
Automatically Determining Parameters
Thanks to the work by tgulacsi, you can have simple-scrypt automatically determine the optimal parameters for you (time vs. memory). You should run this once on program startup, as calibrating parameters can be an expensive operation.
var params scrypt.Params
func main() {
var err error
// 500ms, 64MB of RAM per hash.
params, err = scrypt.Calibrate(500*time.Millisecond, 64, Params{})
if err != nil {
return nil, err
}
...
}
func RegisterUserHandler(w http.ResponseWriter, r *http.Request) {
err := r.ParseForm()
if err != nil {
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
// Make sure you validate: not empty, not too long, etc.
email := r.PostFormValue("email")
pass := r.PostFormValue("password")
// Use our calibrated parameters
hash, err := scrypt.GenerateFromPassword([]byte(pass), params)
if err != nil {
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
// Save to DB, etc.
}
Be aware that increasing these, whilst making it harder to brute-force the resulting hash, also increases the risk of a denial-of-service attack against your server. A surge in authenticate attempts (even if legitimate!) could consume all available resources.
License
MIT Licensed. See LICENSE file for details.
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].