Golang/App Engine - securely hashing a user's

2019-02-03 17:49发布

I have typically used the bcrypt library to do password hashing, but am unable to do so because of the library's use of syscall. I have also tried scrypt. What other ways are secure, and which would be the best way?

标签： google-app-engine hash go

1条回答

迷人小祖宗

2楼-- · 2019-02-03 18:17

Have a look at go.crypto. It offers support for pbkdf2 and bcrypt. Both implementations are purely written in Go and should work on GAE just fine.

The most simple to use is probably bcrypt. To get the package run:

go get golang.org/x/crypto/bcrypt

Example usage:

import "golang.org/x/crypto/bcrypt" 

func clear(b []byte) {
    for i := 0; i < len(b); i++ {
        b[i] = 0;
    }
}

func Crypt(password []byte) ([]byte, error) {
    defer clear(password)
    return bcrypt.GenerateFromPassword(password, bcrypt.DefaultCost)
}

ctext, err := Crypt(pass)

if err != nil {
    log.Fatal(err)
}

fmt.Println(string(ctext))

The output will be something like this:

$2a$10$sylGijT5CIJZ9ViJsxZOS.IB2tOtJ40hf82eFbTwq87iVAOb5GL8e

If you want simply the hash, use pbkdf2. Example:

import "golang.org/x/crypto/pbkdf2"

func HashPassword(password, salt []byte) []byte {
    defer clear(password)
    return pbkdf2.Key(password, salt, 4096, sha256.Size, sha256.New)
}

pass := []byte("foo")
salt := []byte("bar")

fmt.Printf("%x\n", HashPassword(pass, salt))

0人赞添加讨论(0) 举报

Golang/App Engine - securely hashing a user's

采纳回答

编辑标签

举报内容

检举类型

检举原因

检举说明(必填)

打开微信“扫一扫”，打开网页后点击屏幕右上角分享按钮

付费偷看金额在0.1-10元之间