Forked from mununki/user_password_django_pbkdf2_sha256.go
Created
January 17, 2022 04:01
[Go] Implementation of Django's default password hashing (PBKDF2_SHA256) in Go
import ( | |
"crypto/rand" | |
"crypto/sha256" | |
"crypto/subtle" | |
"encoding/base64" | |
"strconv" | |
"strings" | |
"time" | |
"golang.org/x/crypto/pbkdf2" | |
) | |
// HashPassword replaces user.Password with its Django-format PBKDF2-SHA256
// hash: "pbkdf2_sha256$100000$<salt>$<base64 derived key>".
//
// The current value of user.Password is always treated as the plaintext, so
// calling this on a value that has already been hashed hashes the hash.
// It returns the error from crypto/rand if the salt cannot be generated, in
// which case user.Password is left untouched.
func (user *User) HashPassword() error {
	// Must stay equal to the count embedded in the prefix literal below.
	// NOTE(review): 100000 is well below what OWASP's Password Storage Cheat
	// Sheet currently recommends for PBKDF2-HMAC-SHA256 (600,000). Raising it
	// is only safe if verification reads the count from the stored hash
	// instead of assuming 100000.
	const iterations = 100000

	// 8 random bytes (64 bits) become a 12-character base64 salt.
	// NOTE(review): NIST SP 800-132 recommends at least 128 bits of salt;
	// consider 16 bytes if the password column has room.
	entropy := make([]byte, 8)
	if _, err := rand.Read(entropy); err != nil {
		return err
	}

	// The base64 text itself, not the raw bytes, is the salt fed to PBKDF2;
	// the same text is what gets stored between the "$" separators.
	saltText := base64.StdEncoding.EncodeToString(entropy)
	derived := pbkdf2.Key([]byte(user.Password), []byte(saltText), iterations, 32, sha256.New)

	user.Password = "pbkdf2_sha256$100000$" + saltText + "$" + base64.StdEncoding.EncodeToString(derived)
	return nil
}
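// ComparePassword reports whether password matches the Django-format
// PBKDF2-SHA256 hash held in user.Password.
//
// The stored value must have the form
// "pbkdf2_sha256$<iterations>$<salt>$<base64 derived key>". Anything else
// (wrong field count, another algorithm tag, a non-numeric or non-positive
// iteration count) yields false instead of a panic or a silently weakened
// derivation.
func (user *User) ComparePassword(password string) bool {
	parts := strings.Split(user.Password, "$")
	if len(parts) != 4 || parts[0] != "pbkdf2_sha256" {
		return false
	}

	// Use the iteration count recorded in the hash, so that hashes created
	// with a different work factor (for example by Django itself) still
	// verify. A parse failure must not fall through as iter == 0.
	// NOTE(review): the count is trusted as stored; if stored hashes can come
	// from an untrusted source, cap it here to avoid an expensive derivation.
	iter, err := strconv.Atoi(parts[1])
	if err != nil || iter < 1 {
		return false
	}

	// The salt is the stored text as-is, matching how HashPassword feeds it
	// to PBKDF2.
	dk := pbkdf2.Key([]byte(password), []byte(parts[2]), iter, 32, sha256.New)
	candidate := base64.StdEncoding.EncodeToString(dk)

	// Compare only the derived-key field, in constant time, so the result
	// does not depend on a hard-coded iteration count in the prefix.
	return subtle.ConstantTimeCompare([]byte(parts[3]), []byte(candidate)) == 1
}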