How to Securely Hash Passwords in Golang/App Engine Without syscall or scrypt?

Linda Hamilton
Release: 2024-10-30 08:26:02
Original
594 people have browsed it

How to Securely Hash Passwords in Golang/App Engine Without syscall or scrypt?

Securely Hashing Passwords in Golang/App Engine without syscall or scrypt

Whilebcrypt and scrypt are commonly used for password hashing, they may not be suitable for App Engine due tosyscall accessibility. As an alternative, consider leveraging the go.crypto library for secure password hashing.

The go.crypto package offers support for both pbkdf2 and bcrypt. Both implementations are written entirely in Go, ensuring compatibility with App Engine.

1. Using bcrypt

Implement bcrypt using the following steps:

<code class="bash">go get golang.org/x/crypto/bcrypt</code>
Copy after login

Example usage:

<code class="go">import "golang.org/x/crypto/bcrypt"

func clear(b []byte) {
    for i := 0; i < len(b); i++ {
        b[i] = 0;
    }
}

func Crypt(password []byte) ([]byte, error) {
    defer clear(password)
    return bcrypt.GenerateFromPassword(password, bcrypt.DefaultCost)
}

ctext, err := Crypt(pass)

if err != nil {
    log.Fatal(err)
}

fmt.Println(string(ctext))</code>
Copy after login

This will produce an output similar to:

a$sylGijT5CIJZ9ViJsxZOS.IB2tOtJ40hf82eFbTwq87iVAOb5GL8e
Copy after login

2. Using pbkdf2

For a simple hash using pbkdf2:

<code class="go">import "golang.org/x/crypto/pbkdf2"

func HashPassword(password, salt []byte) []byte {
    defer clear(password)
    return pbkdf2.Key(password, salt, 4096, sha256.Size, sha256.New)
}

pass := []byte("foo")
salt := []byte("bar")

fmt.Printf("%x\n", HashPassword(pass, salt))</code>
Copy after login

The above is the detailed content of How to Securely Hash Passwords in Golang/App Engine Without syscall or scrypt?. For more information, please follow other related articles on the PHP Chinese website!

source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template
About us Disclaimer Sitemap
php.cn:Public welfare online PHP training,Help PHP learners grow quickly!