Django Password Hashers library in Go to perform user validation against legacy databases. You can also use it as a standard password hasher for newer Go applications.
Unchained works with Go 1.6 and higher.
go get github.com/alexandrevicenzi/unchained
Hasher | Encode | Decode | Dependencies |
---|---|---|---|
Argon2 | ✔ | ✔ | golang.org/x/crypto/argon2 |
BCrypt | ✔ | ✔ | golang.org/x/crypto/bcrypt |
BCrypt SHA256 | ✔ | ✔ | golang.org/x/crypto/bcrypt |
Crypt | ✘ | ✘ | |
MD5 | ✘ | ✘ | |
PBKDF2 SHA1 | ✔ | ✔ | golang.org/x/crypto/pbkdf2 |
PBKDF2 SHA256 | ✔ | ✔ | golang.org/x/crypto/pbkdf2 |
SHA1 | ✘ | ✘ | |
Unsalted MD5 | ✘ | ✘ | |
Unsalted SHA1 | ✘ | ✘ |
Crypt support is not planned because it's UNIX only.
BCrypt hasher does not allow to set custom salt as in Django. If you encode the same password multiple times you will get different hashes. This limitation comes from golang.org/x/crypto/bcrypt library.
package main
import "github.com/alexandrevicenzi/unchained"
func main() {
hash, err := unchained.MakePassword("my-password", unchained.GetRandomString(12), "default")
if err == nil {
fmt.Println(hash)
} else {
fmt.Printf("Error encoding password: %s\n", err)
}
}
package main
import "github.com/alexandrevicenzi/unchained"
func main() {
valid, err := unchained.CheckPassword("admin", "pbkdf2_sha256$24000$JMO9TJawIXB1$5iz40fwwc+QW6lZY+TuNciua3YVMV3GXdgkhXrcvWag=")
if valid {
fmt.Println("Password is valid.")
} else {
if err == nil {
fmt.Println("Password is invalid.")
} else {
fmt.Printf("Error decoding password: %s\n", err)
}
}
}
- BCrypt salt support
- Weak hashers support
MIT
- Django compatible signing for Go (
django.core.signing
)