Securing Passwords in Golang on App Engine
When it comes to password hashing for web applications, security is paramount. While popular bcrypt libraries that rely on certain system calls are not suitable for App Engine, there are alternative methods that provide a robust level of protection.
Secure Hashing Options
App Engine supports hashing algorithms through the go.crypto package (imported as golang.org/x/crypto). This package offers two secure options: bcrypt and pbkdf2.
Recommendation: bcrypt
For ease of use and proven effectiveness, bcrypt is the recommended choice. It is a simple-to-use algorithm that produces high-quality hashes.
Implementation
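<code class="go">
package main

import (
	"fmt"
	"log"

	"golang.org/x/crypto/bcrypt"
)

// Crypt returns the bcrypt hash of password and zeroes the input slice afterwards.
func Crypt(password []byte) ([]byte, error) {
	defer clear(password) // builtin clear (Go 1.21+) wipes the plaintext bytes
	return bcrypt.GenerateFromPassword(password, bcrypt.DefaultCost)
}

func main() {
	pass := []byte("foo") // sample password
	ctext, err := Crypt(pass)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println(string(ctext))
}
</code>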
The output will resemble a string like:
$2a$10$sylGijT5CIJZ9ViJsxZOS.IB2tOtJ40hf82eFbTwq87iVAOb5GL8e
pbkdf2 for Hashing:
If the focus is solely on hashing rather than password verification, pbkdf2 can be employed:
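<code class="go">
package main

import (
	"crypto/sha256"
	"fmt"

	"golang.org/x/crypto/pbkdf2"
)

// HashPassword derives a 32-byte PBKDF2-HMAC-SHA256 key and zeroes the password slice.
func HashPassword(password, salt []byte) []byte {
	defer clear(password) // builtin clear (Go 1.21+)
	return pbkdf2.Key(password, salt, 4096, sha256.Size, sha256.New)
}

func main() {
	pass := []byte("foo")
	salt := []byte("bar")
	fmt.Printf("%x\n", HashPassword(pass, salt))
}
</code>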
By employing these secure password hashing options, developers can effectively safeguard user credentials on Golang applications running on App Engine.