Golang : Bcrypting password
From my past tutorial on salting password, a reader pointed out that there is a better way to handle/protect users passwords in case hackers managed to get the database plaintext data dump. The method he suggested is to use bcrypt algorithm...which automagically handle the salting part well.
The code below is my own experiment with the bcrypt package for Golang and see if it can be useful to you.
UPDATE: Fixed errata cipherText := saltedCipherText[23:]
to cipherText := saltedCipherText[22:]
Thanks Steve Sharp for pointing out.
Here you go!
package main
import (
"fmt"
"golang.org/x/crypto/bcrypt"
"strings"
)
func main() {
passwd := []byte("password")
hashedPassword, err := bcrypt.GenerateFromPassword(passwd, 10)
if err != nil {
panic(err)
}
fmt.Printf("The hashed password is : %s\n", string(hashedPassword))
fmt.Printf("%q\n", strings.SplitN(string(hashedPassword), "$", 4))
parts := strings.SplitN(string(hashedPassword), "$", 4)
algorithm := parts[1]
costFactor := parts[2] // number of iterations. Higher cost will increase brute force difficulty
saltedCipherText := parts[3]
fmt.Println("Algorithm : ", algorithm)
fmt.Println("Cost Factor : ", costFactor)
fmt.Println("Salt + Cipher Text : ", saltedCipherText)
// in case you still want to store the salt separately in your database
salt := saltedCipherText[0:22]
fmt.Println("Salt : ", salt)
cipherText := saltedCipherText[22:]
fmt.Println("Cipher Text : ", cipherText)
}
Sample output :
The hashed password is : $2a$10$qevL45Hnebe0SlbTKT36kuX87fq/sWDjzozJ/4OMh1hPcOo/SASqO
["" "2a" "10" "qevL45Hnebe0SlbTKT36kuX87fq/sWDjzozJ/4OMh1hPcOo/SASqO"]
Algorithm : 2a
Cost Factor : 10
Salt + Cipher Text : qevL45Hnebe0SlbTKT36kuX87fq/sWDjzozJ/4OMh1hPcOo/SASqO
Salt : qevL45Hnebe0SlbTKT36ku
Cipher Text : X87fq/sWDjzozJ/4OMh1hPcOo/SASqO
References :
https://github.com/golang/crypto/blob/master/bcrypt/bcrypt_test.go
See also : Golang : Securing password with salt
By Adam Ng
IF you gain some knowledge or the information here solved your programming problem. Please consider donating to the less fortunate or some charities that you like. Apart from donation, planting trees, volunteering or reducing your carbon footprint will be great too.
Advertisement
Tutorials
+7.8k Golang : Find relative luminance or color brightness
+10.7k Google Maps URL parameters configuration
+9.1k Golang : Get all countries currencies code in JSON format
+4.9k Python : Convert(cast) string to bytes example
+17.1k Golang : [json: cannot unmarshal object into Go value of type]
+14.6k Golang : Accurate and reliable decimal calculations
+13.7k Golang : syscall.Socket example
+7.6k Golang : Get all countries phone codes
+26.6k Golang : Find files by name - cross platform example
+6.3k Unix/Linux : How to fix CentOS yum duplicate glibc or device-mapper-libs dependency error?
+8.8k Golang : How to check if a string with spaces in between is numeric?