Golang/App Engine - securely hashing a user's password
Question

I have typically used the bcrypt library to do password hashing, but am unable to do so because of the library's use of syscall. I have also tried scrypt. What other ways are secure, and which would be the best way?

Answer 1

Score: 14

Have a look at go.crypto. It offers support for pbkdf2 and bcrypt.
Both implementations are purely written in Go and should work on GAE just fine.

The most simple to use is probably bcrypt.
To get the package run:

go get golang.org/x/crypto/bcrypt

Example usage:

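package main

import (
	"fmt"
	"log"

	"golang.org/x/crypto/bcrypt"
)

// clear zeroes the buffer so the plaintext password does not linger in memory.
func clear(b []byte) {
	for i := 0; i < len(b); i++ {
		b[i] = 0
	}
}

// Crypt returns the bcrypt hash of password and wipes the input slice afterwards.
func Crypt(password []byte) ([]byte, error) {
	defer clear(password)
	return bcrypt.GenerateFromPassword(password, bcrypt.DefaultCost)
}

func main() {
	pass := []byte("foo")
	ctext, err := Crypt(pass)
	if err != nil {
		log.Fatal(err)
	}

	fmt.Println(string(ctext))
}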

The output will be something like this:

$2a$10$sylGijT5CIJZ9ViJsxZOS.IB2tOtJ40hf82eFbTwq87iVAOb5GL8e

If you want simply the hash, use pbkdf2. Example:

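package main

import (
	"crypto/sha256"
	"fmt"

	"golang.org/x/crypto/pbkdf2"
)

// HashPassword derives a 32-byte key with PBKDF2-HMAC-SHA256 (4096 iterations)
// and wipes the input slice; clear is the helper from the bcrypt example above.
func HashPassword(password, salt []byte) []byte {
	defer clear(password)
	return pbkdf2.Key(password, salt, 4096, sha256.Size, sha256.New)
}

func main() {
	pass := []byte("foo")
	salt := []byte("bar")

	fmt.Printf("%x\n", HashPassword(pass, salt))
}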
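
An added example, not part of the original answer: a standard-library-only sketch of what the pbkdf2.Key call above computes for a 32-byte output, combined with a random per-user salt and a constant-time check at login. The names pbkdf2SHA256, NewHash, Verify and iterations, the 16-byte salt size and the sample password are assumptions made for this illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

const iterations = 4096 // the count used in the answer's pbkdf2.Key call

// pbkdf2SHA256 returns the 32-byte PBKDF2-HMAC-SHA256 key (block 1 of RFC 8018).
func pbkdf2SHA256(password, salt []byte, iter int) []byte {
	prf := hmac.New(sha256.New, password)
	prf.Write(salt)
	prf.Write([]byte{0, 0, 0, 1}) // big-endian block index 1
	u := prf.Sum(nil)
	t := append([]byte(nil), u...)
	for i := 1; i < iter; i++ {
		prf.Reset()
		prf.Write(u)
		u = prf.Sum(u[:0])
		for j := range t {
			t[j] ^= u[j]
		}
	}
	return t
}

// NewHash draws a fresh random 16-byte salt; store salt and hash per user.
func NewHash(password []byte) (salt, hash []byte, err error) {
	salt = make([]byte, 16)
	if _, err = rand.Read(salt); err != nil {
		return nil, nil, err
	}
	return salt, pbkdf2SHA256(password, salt, iterations), nil
}

// Verify recomputes the hash and compares it in constant time.
func Verify(password, salt, hash []byte) bool {
	return hmac.Equal(pbkdf2SHA256(password, salt, iterations), hash)
}

func main() {
	salt, hash, err := NewHash([]byte("foo")) // constructed sample password
	if err != nil {
		panic(err)
	}
	fmt.Printf("salt=%x hash=%x ok=%v\n", salt, hash, Verify([]byte("foo"), salt, hash))
}
```

Because the salt is random, two users with the same password get different stored hashes, and both salt and hash must be kept to verify a later login.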

huangapple
  • Posted on August 31, 2013, 15:23:48
  • When reposting, please keep the link to this article: https://go.coder-hub.com/18545676.html