drhwb470572
2013-08-31 07:23
Views: 61
Accepted

Golang / App Engine - securely hashing user passwords

I have typically used the bcrypt library to do password hashing, but am unable to do so because of the library's use of syscall. I have also tried scrypt. What other ways are secure, and which would be the best way?

1 answer

  • doushe2513 2013-11-07 04:43
    Accepted

    Have a look at go.crypto. It offers support for pbkdf2 and bcrypt. Both implementations are purely written in Go and should work on GAE just fine.

    The simplest to use is probably bcrypt. To get the package, run:

    go get golang.org/x/crypto/bcrypt
    

    Example usage:

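    package main

    import (
        "fmt"
        "log"

        "golang.org/x/crypto/bcrypt"
    )

    // clear overwrites the slice with zeros so the plaintext does not linger in memory.
    func clear(b []byte) {
        for i := range b {
            b[i] = 0
        }
    }

    // Crypt returns the bcrypt hash of password and zeroes the caller's slice afterwards.
    func Crypt(password []byte) ([]byte, error) {
        defer clear(password)
        return bcrypt.GenerateFromPassword(password, bcrypt.DefaultCost)
    }

    func main() {
        pass := []byte("foo")

        ctext, err := Crypt(pass)
        if err != nil {
            log.Fatal(err)
        }

        fmt.Println(string(ctext))
    }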
    

    The output will be something like this:

    $2a$10$sylGijT5CIJZ9ViJsxZOS.IB2tOtJ40hf82eFbTwq87iVAOb5GL8e
    

    If you want simply the hash, use pbkdf2. Example:

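    package main

    import (
        "crypto/sha256"
        "fmt"

        "golang.org/x/crypto/pbkdf2"
    )

    // HashPassword derives a 32-byte key with PBKDF2-HMAC-SHA256 (4096 iterations)
    // and zeroes the caller's password slice. clear is the helper from the bcrypt
    // example; Go 1.21+ also has a built-in clear that zeroes a slice.
    func HashPassword(password, salt []byte) []byte {
        defer clear(password)
        return pbkdf2.Key(password, salt, 4096, sha256.Size, sha256.New)
    }

    func main() {
        pass := []byte("foo")
        salt := []byte("bar")

        fmt.Printf("%x\n", HashPassword(pass, salt))
    }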
    
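The PBKDF2 snippet in the answer uses a fixed salt and stops before verification. The following added example (not part of the original answer) stores a random per-user salt next to the derived key and checks a login attempt in constant time. So that it runs without fetching golang.org/x/crypto, it carries a one-block PBKDF2-HMAC-SHA256 stand-in for `pbkdf2.Key`; the names `pbkdf2Key`, `NewRecord`, `Verify` and the 16-byte salt length are assumptions of this example.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

const iterations, saltLen = 4096, 16 // 4096 is the answer's count; saltLen is this example's assumption

// pbkdf2Key is a stdlib-only stand-in for pbkdf2.Key(password, salt, iter, sha256.Size, sha256.New).
func pbkdf2Key(password, salt []byte, iter int) []byte {
	mac := hmac.New(sha256.New, password)
	mac.Write(salt)
	mac.Write([]byte{0, 0, 0, 1}) // big-endian block index 1 (one block = 32 bytes)
	t := mac.Sum(nil)             // U1; t accumulates U1 ^ U2 ^ ... ^ U(iter)
	for u, i := t, 1; i < iter; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil) // next U = HMAC(password, previous U)
		for j := range t {
			t[j] ^= u[j]
		}
	}
	return t
}

// NewRecord hashes password under a fresh random salt and returns salt||key for storage.
func NewRecord(password []byte) ([]byte, error) {
	salt := make([]byte, saltLen)
	if _, err := rand.Read(salt); err != nil {
		return nil, err
	}
	return append(salt, pbkdf2Key(password, salt, iterations)...), nil
}

// Verify re-derives the key from the stored salt and compares it in constant time.
func Verify(record, password []byte) bool {
	if len(record) != saltLen+sha256.Size {
		return false
	}
	return subtle.ConstantTimeCompare(pbkdf2Key(password, record[:saltLen], iterations), record[saltLen:]) == 1
}

func main() {
	rec, err := NewRecord([]byte("foo")) // constructed sample password
	fmt.Println(err, Verify(rec, []byte("foo")), Verify(rec, []byte("bar")))
}
```

With bcrypt the salt and cost are already embedded in the hash string, so the equivalent check there is a single call to `bcrypt.CompareHashAndPassword`.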
