I've written a short program in Go to generate a bcrypt password hash from a password provided via stdin. Minimal example below:
package main
import (
"bufio"
"fmt"
"golang.org/x/crypto/bcrypt"
)
func main() {
fmt.Println("Enter password:")
reader := bufio.NewReader(os.Stdin)
inputPassword, _ := reader.ReadString('
')
inputPasswordBytes := []byte(inputPassword)
hashBytes, _ := bcrypt.GenerateFromPassword(inputPasswordBytes, bcrypt.DefaultCost)
hashStr := string(hashBytes)
fmt.Println(hashStr)
}
In another program (a Go web-server) I accept the user's password from a HTTP POST request and test it against a hash generated with the code above and saved to a configuration file that's loaded at startup, like so:
func authenticateHashedPassword(inputPassword string) bool {
configPasswordHashBytes := []byte(server.Config.Net.Auth.Password)
inputPasswordBytes := []byte(inputPassword)
err := bcrypt.CompareHashAndPassword(configPasswordHashBytes, inputPasswordBytes)
if err != nil {
return false
}
return true
}
However this reports failure when I know inputPassword is correct. After some investigation I saw that my initial func main above was generating the wrong output when I used this website to test my values: https://www.dailycred.com/article/bcrypt-calculator - it says all of the output I generate doesn't match the desired passwords.
I'm assuming there's something wrong going on with the character encoding or other details when I do []byte(inputPassword) - is it perhaps including the trailing line-ending?
Unfortunately I cannot step-through debug my program because Visual Studio Code's Go language tools and debugger does not support using standard-IO: https://github.com/Microsoft/vscode-go/issues/219
