mirror of https://github.com/ergochat/ergo.git synced 2024-11-22 11:59:40 +01:00
ergo/irc/passwd/unsalted.go
Daniel Oaks bf04dc24f9 Upgrade password hashing.
Previously, we generated and prepended a long salt before generating
password hashes. This resulted in the hash verification cutting off long
before it should do. This form of salting is also not necessary with
bcrypt as it's provided by the password hashing and verification
functions themselves, so totally rip it out.

This commit also adds the functionality for the server to automagically
upgrade users to use the new hashing system, which means better
security and more assurance that people can't bruteforce passwords.

No need to apply a database upgrade to do this, whoo! \o/
2018-04-01 17:12:41 +10:00


// Copyright (c) 2012-2014 Jeremy Latt
// released under the MIT license
package passwd
import (
"encoding/base64"
"errors"
"golang.org/x/crypto/bcrypt"
)
// ErrEmptyPassword is the sentinel error returned when an empty password (or
// an empty encoded hash) is supplied. Compare against it with errors.Is.
var ErrEmptyPassword = errors.New("empty password")
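// GenerateEncodedPasswordBytes hashes passwd with bcrypt and returns the raw
// bcrypt output. The result is a one-way hash, not an encryption of the
// password; bcrypt generates the salt itself and stores it, together with the
// cost, inside the returned bytes.
//
// It returns ErrEmptyPassword when passwd is empty. Any other error comes
// from bcrypt.GenerateFromPassword.
func GenerateEncodedPasswordBytes(passwd string) (encoded []byte, err error) {
	if passwd == "" {
		return nil, ErrEmptyPassword
	}
	// bcrypt.MinCost is the lowest work factor the library accepts, which makes
	// offline guessing against a leaked hash cheap. Hash at DefaultCost
	// instead. The cost is recorded in each hash, so hashes created at the old
	// cost still verify, but they keep their old strength until regenerated.
	//
	// NOTE(review): bcrypt only uses the first 72 bytes of its input. Depending
	// on the x/crypto version, longer passwords are truncated or rejected.
	// Confirm which applies and whether callers should enforce a length limit.
	return bcrypt.GenerateFromPassword([]byte(passwd), bcrypt.DefaultCost)
}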
// GenerateEncodedPassword hashes passwd via GenerateEncodedPasswordBytes and
// returns the hash as a standard (padded) base64 string.
//
// The base64 step runs on whatever bytes the hashing call returned, even when
// err is non-nil, so callers must check err before storing or using encoded.
func GenerateEncodedPassword(passwd string) (encoded string, err error) {
	var raw []byte
	raw, err = GenerateEncodedPasswordBytes(passwd)
	return base64.StdEncoding.EncodeToString(raw), err
}
// DecodePasswordHash turns a standard base64-encoded password hash back into
// its raw bytes.
//
// An empty input yields ErrEmptyPassword. Malformed base64 yields the error
// from encoding/base64; the bytes returned alongside a non-nil error must not
// be treated as a usable hash.
func DecodePasswordHash(encoded string) (decoded []byte, err error) {
	if len(encoded) == 0 {
		return nil, ErrEmptyPassword
	}
	return base64.StdEncoding.DecodeString(encoded)
}
// ComparePassword checks a plaintext password against a raw bcrypt hash by
// delegating to bcrypt.CompareHashAndPassword.
//
// A nil return means the password matches. Any non-nil error (a mismatch or a
// malformed hash) must be treated as an authentication failure.
func ComparePassword(hash, password []byte) error {
	result := bcrypt.CompareHashAndPassword(hash, password)
	return result
}
// ComparePasswordString is the string-typed convenience form of
// ComparePassword: it converts password to bytes and compares it with the raw
// bcrypt hash. A nil return means the password matches; any error means it
// does not (or the hash could not be processed).
func ComparePasswordString(hash []byte, password string) error {
	candidate := []byte(password)
	return ComparePassword(hash, candidate)
}