Golang/App Engine - securely hashing a user's password
I have typically used the bcrypt library to do password hashing, but am unable to do so because of the library's use of syscall. I have also tried scrypt. What other ways are secure, and which would be the best way?
Have a look at go.crypto. It offers support for pbkdf2 and bcrypt. Both implementations are purely written in Go and should work on GAE just fine.
The most simple to use is probably bcrypt. To get the package run:
    go get golang.org/x/crypto/bcrypt
Example usage:
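    package main

    import (
        "fmt"
        "log"

        "golang.org/x/crypto/bcrypt"
    )

    // clear overwrites the slice so the plaintext password does not linger in memory.
    func clear(b []byte) {
        for i := 0; i < len(b); i++ {
            b[i] = 0
        }
    }

    // Crypt returns the bcrypt hash of password and zeroes the password slice on return.
    func Crypt(password []byte) ([]byte, error) {
        defer clear(password)
        return bcrypt.GenerateFromPassword(password, bcrypt.DefaultCost)
    }

    func main() {
        pass := []byte("foo")
        ctext, err := Crypt(pass)
        if err != nil {
            log.Fatal(err)
        }
        fmt.Println(string(ctext))
    }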
The output will be something like this:
    $2a$10$sylGijT5CIJZ9ViJsxZOS.IB2tOtJ40hf82eFbTwq87iVAOb5GL8e
If you want simply the hash, use pbkdf2. Example:
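    import (
        "crypto/sha256"
        "fmt"
        "golang.org/x/crypto/pbkdf2"
    )

    // HashPassword derives a 32-byte key with PBKDF2-HMAC-SHA256 (4096 iterations)
    // and zeroes the password slice on return; clear is the helper defined above.
    func HashPassword(password, salt []byte) []byte {
        defer clear(password)
        return pbkdf2.Key(password, salt, 4096, sha256.Size, sha256.New)
    }

    // Inside main:
    pass := []byte("foo")
    salt := []byte("bar")
    fmt.Printf("%x\n", HashPassword(pass, salt))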
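The snippets above produce a hash; the storage and verification side of the PBKDF2 variant is sketched below as an added example (not part of the original answer or of golang.org/x/crypto): a random per-user salt, the iteration count stored next to the hash, and a constant-time comparison. PBKDF2-HMAC-SHA256 is inlined with the standard library's HMAC so the block builds without external modules; the names `NewRecord` and `Verify` and the record format are assumptions of this example.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// pbkdf2SHA256: first PBKDF2-HMAC-SHA256 block (32 bytes), inlined for this example;
// same value as pbkdf2.Key(password, salt, iter, sha256.Size, sha256.New).
func pbkdf2SHA256(password, salt []byte, iter int) []byte {
	prf := hmac.New(sha256.New, password)
	u := append(append([]byte(nil), salt...), 0, 0, 0, 1) // salt || INT(1)
	out := make([]byte, sha256.Size)
	for i := 0; i < iter; i++ {
		prf.Reset()
		prf.Write(u)
		u = prf.Sum(nil) // U_1 = PRF(salt||1), U_j = PRF(U_{j-1})
		for j := range out {
			out[j] ^= u[j]
		}
	}
	return out
}

// NewRecord (example name) returns "iterations$salt-hex$hash-hex" under a fresh random salt.
func NewRecord(password []byte, iter int) (string, error) {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		return "", err
	}
	return fmt.Sprintf("%d$%x$%x", iter, salt, pbkdf2SHA256(password, salt, iter)), nil
}

// Verify (example name) re-derives the hash from the record and compares in constant time.
func Verify(record string, password []byte) bool {
	var iter int
	var salt, want []byte
	if n, _ := fmt.Sscanf(record, "%d$%x$%x", &iter, &salt, &want); n != 3 || iter < 1 {
		return false
	}
	return subtle.ConstantTimeCompare(pbkdf2SHA256(password, salt, iter), want) == 1
}

func main() {
	rec, _ := NewRecord([]byte("foo"), 4096) // constructed sample password
	fmt.Println(rec, Verify(rec, []byte("foo")), Verify(rec, []byte("bar")))
}
```

Because the iteration count travels with each record, it can be raised for new hashes without invalidating stored ones.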