Securely Hashing Passwords in Golang/App Engine without syscall or scrypt
Whilebcrypt and scrypt are commonly used for password hashing, they may not be suitable for App Engine due tosyscall accessibility. As an alternative, consider leveraging the go.crypto library for secure password hashing.
The go.crypto package offers support for both pbkdf2 and bcrypt. Both implementations are written entirely in Go, ensuring compatibility with App Engine.
1. Using bcrypt
Implement bcrypt using the following steps:
<code class="bash">go get golang.org/x/crypto/bcrypt</code>
Example usage:
<code class="go">import "golang.org/x/crypto/bcrypt" func clear(b []byte) { for i := 0; i < len(b); i++ { b[i] = 0; } } func Crypt(password []byte) ([]byte, error) { defer clear(password) return bcrypt.GenerateFromPassword(password, bcrypt.DefaultCost) } ctext, err := Crypt(pass) if err != nil { log.Fatal(err) } fmt.Println(string(ctext))</code>
This will produce an output similar to:
a$sylGijT5CIJZ9ViJsxZOS.IB2tOtJ40hf82eFbTwq87iVAOb5GL8e
2. Using pbkdf2
For a simple hash using pbkdf2:
<code class="go">import "golang.org/x/crypto/pbkdf2" func HashPassword(password, salt []byte) []byte { defer clear(password) return pbkdf2.Key(password, salt, 4096, sha256.Size, sha256.New) } pass := []byte("foo") salt := []byte("bar") fmt.Printf("%x\n", HashPassword(pass, salt))</code>
The above is the detailed content of How to Securely Hash Passwords in Golang/App Engine Without syscall or scrypt?. For more information, please follow other related articles on the PHP Chinese website!