3
0
mirror of https://github.com/ergochat/ergo.git synced 2024-12-23 03:02:48 +01:00
ergo/irc/passwd/bcrypt.go

35 lines
1.3 KiB
Go
Raw Normal View History

// Copyright (c) 2018 Shivaram Lingamneni
// released under the MIT license
package passwd
import "golang.org/x/crypto/bcrypt"
import "golang.org/x/crypto/sha3"
const (
MinCost = bcrypt.MinCost
DefaultCost = 12 // ballpark: 250 msec on a modern Intel CPU
)
// implements Dropbox's strategy of applying an initial pass of a "normal"
// (i.e., fast) cryptographically secure hash with 512 bits of output before
// applying bcrypt. This allows the use of, e.g., Diceware/XKCD-style passphrases
// that may be longer than the 80-character bcrypt limit.
// https://blogs.dropbox.com/tech/2016/09/how-dropbox-securely-stores-your-passwords/
// we are only using this for user-generated passwords, as opposed to the server
// and operator passwords that are hashed by `oragono genpasswd` and then
// hard-coded by the server admins into the config file, to avoid breaking
// backwards compatibility (since we can't upgrade the config file on the fly
// the way we can with the database).
func GenerateFromPassword(password []byte, cost int) (result []byte, err error) {
sum := sha3.Sum512(password)
return bcrypt.GenerateFromPassword(sum[:], cost)
}
func CompareHashAndPassword(hashedPassword, password []byte) error {
sum := sha3.Sum512(password)
return bcrypt.CompareHashAndPassword(hashedPassword, sum[:])
}