Giter Club home page Giter Club logo

noble's Introduction

Version Built with GoLang License Go Report Card Tests Go Coverage

Noble

Noble is a simple wrapper to make working with Go's implementation of Argon2 (specifically Argon2id) much easier. Argon2 is a modern ASIC-resistant and GPU-resistant secure key derivation function. It has better password cracking resistance (when configured correctly) than PBKDF2 , Bcrypt and Scrypt (for similar configuration parameters for CPU and RAM usage).

You would use this package when saving password hashes to a database for user authentication. While Go's bcrypt and scrypt packages are battle tested and popular, they are more vulnerable to password cracking, particularly with the advent of powerful GPU chips on modern systems.

Argon2 is a key derivation function that was selected as the winner of the 2015 Password Hashing Competition. It was designed by Alex Biryukov, Daniel Dinu, and Dmitry Khovratovich from the University of Luxembourg. There are three different versions of the algorithm, and according to OWASP, the Argon2id variant should be used, as it provides a balanced approach to resisting both side-channel and GPU-based attacks.

Installation

Install it in the usual way:

go get -u github.com/tsawler/noble

Example

package main

import (
	"fmt"
	"github.com/tsawler/noble"
	"log"
)

func main() {
	// Create an instance of the type noble.Argon.
	n := noble.New()

	// Try creating a hash from a password. The returned value will 
	// include the hash, as well as all information need to validate a 
	// password against that hash using argon2.
	password := "verysecret"
	hash, err := n.GeneratePasswordKey(password)
	if err != nil {
		log.Println(err)
	}

	fmt.Println("hash for", password, "\n\t", hash)

	// Try comparing a valid password against this hash.
	valid, err := n.ComparePasswordAndKey(password, hash)
	fmt.Println("First password/hash compare is", valid)

	// Now compare with an invalid password.
	valid, err = n.ComparePasswordAndKey(password+"fish", hash)
	fmt.Println("Second password/hash compare is", valid)
}

The output of this program is:

(base) tcs@Grendel nobleapp % go run .
hash for verysecret 
         $argon2id$v=19$m=61440,t=1,p=4$XjQXPOyUmwUJAFPgNSMi+w$ZhBXt6gtrBnNyrFQ+i0ZlTbLS6WWrK8WKRmVQtXbY/Y
First password/hash compare is true
Second password/hash compare is false

noble's People

Contributors

tsawler avatar

Stargazers

avatar Abdulhafiz KAŞGARLI avatar Wolfgang Ellsässer avatar Adam Chalkley avatar avatar

Watchers

avatar

Forkers

xenartist

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.