Documentation ¶
Overview ¶
Package pbkdf2 provides salt generation, hashing and verification for x/crypto/pbkdf2. RFC 8018 / PKCS #5 v2.1 specification allows use of all five FIPS Approved Hash Functions SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512 for HMAC. All of the above are supported by the Verifier or through specific constuctor functions of the Hasher.
Index ¶
Constants ¶
const ( IdentifierSHA1 = "pbkdf2" IdentifierSHA224 = IdentifierSHA1 + "-sha224" IdentifierSHA256 = IdentifierSHA1 + "-sha256" IdentifierSHA384 = IdentifierSHA1 + "-sha384" IdentifierSHA512 = IdentifierSHA1 + "-sha512" Prefix = "$" + IdentifierSHA1 )
Identifiers and prefixes that describe a pbkdf2 encoded hash string.
const Format = "$%s$%d$%s$%s"
Format of the Modular Crypt Format, as used by passlib. See https://passlib.readthedocs.io/en/stable/lib/passlib.hash.pbkdf2_digest.html#format-algorithm
Variables ¶
var ( RecommendedSHA1Params = Params{ Rounds: 290000, KeyLen: sha1.Size, SaltLen: 16, } RecommendedSHA224Params = Params{ Rounds: 290000, KeyLen: sha256.Size224, SaltLen: 16, } RecommendedSHA256Params = Params{ Rounds: 290000, KeyLen: sha256.Size, SaltLen: 16, } RecommendedSHA384Params = Params{ Rounds: 290000, KeyLen: sha512.Size384, SaltLen: 16, } RecommendedSHA512Params = Params{ Rounds: 290000, KeyLen: sha512.Size, SaltLen: 16, } )
Recommended parameters are based on passlib's defaults.
var Verifier = verifier.VerifyFunc(Verify)
Functions ¶
func Verify ¶
Verify parses encoded and uses its pbkdf2 parameters to verify password against its hash. The HMAC message authentication scheme is taken from the encoded string. Currently SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512 are suppored.
Verify accepts hash and password encoding in standard base 64 or the alternative base64 encoding as defined by passlib. This is standard encoding with `+` replaced by `.` without padding.