Golang : Bcrypting password
From my past tutorial on salting password, a reader pointed out that there is a better way to handle/protect users passwords in case hackers managed to get the database plaintext data dump. The method he suggested is to use bcrypt algorithm...which automagically handle the salting part well.
The code below is my own experiment with the bcrypt package for Golang and see if it can be useful to you.
UPDATE: Fixed errata cipherText := saltedCipherText[23:]
to cipherText := saltedCipherText[22:]
Thanks Steve Sharp for pointing out.
Here you go!
package main
import (
"fmt"
"golang.org/x/crypto/bcrypt"
"strings"
)
func main() {
passwd := []byte("password")
hashedPassword, err := bcrypt.GenerateFromPassword(passwd, 10)
if err != nil {
panic(err)
}
fmt.Printf("The hashed password is : %s\n", string(hashedPassword))
fmt.Printf("%q\n", strings.SplitN(string(hashedPassword), "$", 4))
parts := strings.SplitN(string(hashedPassword), "$", 4)
algorithm := parts[1]
costFactor := parts[2] // number of iterations. Higher cost will increase brute force difficulty
saltedCipherText := parts[3]
fmt.Println("Algorithm : ", algorithm)
fmt.Println("Cost Factor : ", costFactor)
fmt.Println("Salt + Cipher Text : ", saltedCipherText)
// in case you still want to store the salt separately in your database
salt := saltedCipherText[0:22]
fmt.Println("Salt : ", salt)
cipherText := saltedCipherText[22:]
fmt.Println("Cipher Text : ", cipherText)
}
Sample output :
The hashed password is : $2a$10$qevL45Hnebe0SlbTKT36kuX87fq/sWDjzozJ/4OMh1hPcOo/SASqO
["" "2a" "10" "qevL45Hnebe0SlbTKT36kuX87fq/sWDjzozJ/4OMh1hPcOo/SASqO"]
Algorithm : 2a
Cost Factor : 10
Salt + Cipher Text : qevL45Hnebe0SlbTKT36kuX87fq/sWDjzozJ/4OMh1hPcOo/SASqO
Salt : qevL45Hnebe0SlbTKT36ku
Cipher Text : X87fq/sWDjzozJ/4OMh1hPcOo/SASqO
References :
https://github.com/golang/crypto/blob/master/bcrypt/bcrypt_test.go
See also : Golang : Securing password with salt
By Adam Ng
IF you gain some knowledge or the information here solved your programming problem. Please consider donating to the less fortunate or some charities that you like. Apart from donation, planting trees, volunteering or reducing your carbon footprint will be great too.
Advertisement
Tutorials
+44.6k Golang : Upload file from web browser to server
+15.7k Golang : GORM create record or insert new record into database example
+3.5k Golang : Join lines with certain suffix symbol example
+11.9k Golang : Display list of time zones with GMT
+8.6k Golang : Get month name from date example
+4.6k Fix sudo yum hang problem with no output or error messages
+3.6k Golang : Display advertisement images or strings on random order
+21.3k Golang : Converting a negative number to positive number
+17.4k Golang : simulate tail -f or read last line from log file example
+3.8k Swift : Get substring with rangeOfString() function example
+4.4k Golang : How to iterate a slice without using for loop?