password

package
v0.2.1 Latest
Warning

This package is not in the latest version of its module.
Published: Mar 31, 2026 | License: Apache-2.0 | Imports: 9 | Imported by: 0

Documentation

Overview

Package password implements password hashing and verification with Argon2id defaults.

Output format

Hashes are encoded in PHC string format:

$argon2id$v=19$m=<memory>,t=<time>,p=<threads>$<salt>$<hash>

The [Hasher] supports transparent parameter upgrades: if the stored hash was produced with weaker parameters, [Hasher.NeedsRehash] returns true so the caller can re-hash on the next successful login.
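
As an added illustration (not code from this package, whose internals are not shown on this page), the following standard-library sketch parses the PHC format above strictly and compares the stored cost parameters against a current target. `Params`, `ParsePHC`, `IsWeaker`, the constructed sample hash and the values t=3 and p=2 are assumptions; "weaker" is taken to mean any of m, t, p below the target.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"strings"
)

// Params are the Argon2id cost parameters carried in the PHC string (hypothetical type).
type Params struct {
	Memory, Time uint32 // Memory is in KiB
	Threads      uint8
}

var b64 = base64.RawStdEncoding.Strict() // PHC strings use unpadded standard base64

// ParsePHC validates $argon2id$v=19$m=..,t=..,p=..$<salt>$<hash> and returns its parts.
func ParsePHC(s string) (p Params, salt, hash []byte, err error) {
	f := strings.Split(s, "$")
	if len(f) != 6 || f[0] != "" || f[1] != "argon2id" || f[2] != "v=19" {
		return Params{}, nil, nil, fmt.Errorf("not an argon2id v=19 PHC string")
	}
	// Sscanf rejects uint32/uint8 overflow; re-encoding rejects junk, spaces, leading zeros.
	_, err = fmt.Sscanf(f[3], "m=%d,t=%d,p=%d", &p.Memory, &p.Time, &p.Threads)
	if err != nil || fmt.Sprintf("m=%d,t=%d,p=%d", p.Memory, p.Time, p.Threads) != f[3] {
		return Params{}, nil, nil, fmt.Errorf("bad parameter field")
	}
	salt, e1 := b64.DecodeString(f[4])
	hash, e2 := b64.DecodeString(f[5])
	if e1 != nil || e2 != nil || len(salt) == 0 || len(hash) == 0 {
		return Params{}, nil, nil, fmt.Errorf("bad salt or hash encoding")
	}
	return p, salt, hash, nil
}

// IsWeaker reports whether stored used a lower cost than want (assumption: any of m, t, p).
func IsWeaker(stored string, want Params) (bool, error) {
	got, _, _, err := ParsePHC(stored)
	if err != nil {
		return false, err // malformed input is an error, never a silent "no upgrade needed"
	}
	return got.Memory < want.Memory || got.Time < want.Time || got.Threads < want.Threads, nil
}

func main() {
	// Constructed stored hash: zeroed 16-byte salt and 32-byte tag, not real Argon2id output.
	old := "$argon2id$v=19$m=19456,t=2,p=1$" + strings.Repeat("A", 22) + "$" + strings.Repeat("A", 43)
	want := Params{Memory: 65536, Time: 3, Threads: 2} // 64 MB as on the page; t and p assumed
	fmt.Println(IsWeaker(old, want))
}
```

A caller would run such a check only after a successful verification, while the plaintext is still in hand, and then store the freshly computed hash.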

Architecture boundaries

This package owns hashing and verification only. Password policy (length, reuse history) is enforced by the Engine.

What this package must NOT do

  • Store or retrieve passwords — callers supply plaintext and receive hashes.
  • Import any other goAuth package.
  • Log plaintext passwords or hash parameters at runtime.

Constants

const (
	// DefaultMaxPasswordBytes is the default upper bound on password length.
	// Passwords longer than this are rejected before reaching Argon2 to
	// prevent memory-amplification DoS.
	DefaultMaxPasswordBytes = 1024
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Argon2

type Argon2 struct {
	// contains filtered or unexported fields
}

Argon2 is a password hasher using the Argon2id algorithm.

Docs: docs/password.md

func NewArgon2

func NewArgon2(cfg Config) (*Argon2, error)

NewArgon2 creates an Argon2id password hasher with the given parameters.

Docs: docs/password.md
Security: defaults follow OWASP recommendations.

func (*Argon2) Hash

func (a *Argon2) Hash(password string) (string, error)

Hash produces an Argon2id hash string from a plaintext password.

Performance: ~100 ms with default parameters (64 MB memory).
Docs: docs/password.md

func (*Argon2) NeedsUpgrade

func (a *Argon2) NeedsUpgrade(encodedHash string) (bool, error)

NeedsUpgrade reports whether the given hash was produced with older Argon2 parameters and should be re-hashed on next login.

Docs: docs/password.md

func (*Argon2) Verify

func (a *Argon2) Verify(password string, encodedHash string) (bool, error)

Verify checks a plaintext password against an Argon2id hash string. Returns (true, nil) on match.

Performance: ~100 ms, constant-time comparison.
Docs: docs/password.md

type Config

type Config struct {
	Memory      uint32
	Time        uint32
	Parallelism uint8
	SaltLength  uint32
	KeyLength   uint32

	// MaxPasswordBytes sets the upper bound on password length (in bytes).
	// Passwords longer than this are rejected before reaching Argon2.
	// Zero means DefaultMaxPasswordBytes (1024).
	MaxPasswordBytes int
}

Config holds Argon2id hashing parameters.

Docs: docs/password.md
