Passwordhash
Go package for safe password hashing and comparison. (THIS PACKAGE IS DEPRECATED! USE bcrypt OR scrypt FROM go.crypto)
Install / Use
/learn @dchest/PasswordhashREADME
WARNING
This package is deprecated! Do not use for new projects.
Instead of it, use scrypt or bcrypt from the official go.crypto repository:
- https://code.google.com/p/go/source/browse/scrypt/?repo=crypto
- https://code.google.com/p/go/source/browse/bcrypt/?repo=crypto
Drawbacks of this package are:
-
Deriving 64-byte output from HMAC-SHA256-PBKDF2 allows for 2x speedup of attacks (PBKDF2 takes twice as long to derive 64 bytes, but attackers only need to derive 32 bytes to compare matches).
-
Default number of iterations (5000) is too low for most uses.
-
Currenly Go's SHA256 implementation is too slow.
If you use this package, but do not use full 64-byte output for any purposes other than what this package provides, please switch import to:
import "github.com/dchest/passwordhash/fixed/passwordhash"
The "fixed" version uses only the first 32 bytes of hash for comparison to avoid the speedup attack, and the default number of iterations is increased to 100000.
Related Skills
node-connect
346.8kDiagnose OpenClaw node connection and pairing failures for Android, iOS, and macOS companion apps
frontend-design
107.6kCreate distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.
openai-whisper-api
346.8kTranscribe audio via OpenAI Audio Transcriptions API (Whisper).
qqbot-media
346.8kQQBot 富媒体收发能力。使用 <qqmedia> 标签,系统根据文件扩展名自动识别类型(图片/语音/视频/文件)。
