auth

package
v0.20.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 22, 2026 License: GPL-3.0 Imports: 6 Imported by: 0

Documentation

Overview

Package auth provides password hashing and verification utilities using the argon2id algorithm for secure credential storage.

Index

Constants

View Source 
const (
	Argon2Time    = 2
	Argon2Memory  = 19 * 1024 // 19 MB — fits on 256MB VMs
	Argon2Threads = 1
	Argon2KeyLen  = 32
	Argon2SaltLen = 16
)

Argon2 parameters (OWASP recommended second choice: m=19456, t=2, p=1)

Variables

This section is empty.

Functions

func CheckPassword 

func CheckPassword(password, encodedHash string) (bool, error)

CheckPassword verifies a password against an Argon2id hash.

func HashArgon2 added in v0.1.0 

func HashArgon2(input string) (string, error)

HashArgon2 creates an Argon2id hash of the input string. Returns encoded hash in format: $argon2id$v=19$m=19456,t=2,p=1$salt$hash

func HashPassword 

func HashPassword(password string) (string, error)

HashPassword creates an Argon2id hash of the password.

func NeedsRehash added in v0.7.0 

func NeedsRehash(encodedHash string) bool

NeedsRehash checks whether an encoded hash uses different parameters than the current defaults. Returns true if the hash should be re-created.

func VerifyArgon2 added in v0.1.0 

func VerifyArgon2(input, encodedHash string) (bool, error)

VerifyArgon2 verifies an input string against an Argon2id hash. Uses constant-time comparison to prevent timing attacks.

func VerifyDummyPassword added in v0.20.0 

func VerifyDummyPassword(password string)

VerifyDummyPassword runs an Argon2id verification against a package- local dummy hash, discarding the result. Call this on login paths where the user lookup returned no row — it levels the response time with the existing-user wrong-password path, closing a user-enumeration side channel.

Safe to call on every request: the cost is the same as a regular CheckPassword (~20ms) — that's the whole point. If init() failed to build the dummy hash (crypto/rand unavailable), this function returns without doing work; the system is already broken at that point.

Types

This section is empty.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.