I set up a site with Node.js+passport for user authentication.
Now I need to migrate to Golang, and need to do authentication with the user passwords saved in db.
The Node.js encryption code is:
var bcrypt = require('bcrypt'); bcrypt.genSalt(10, function(err, salt) { if(err) return next(err); bcrypt.hash(user.password, salt, function(err, hash) { if(err) return next(err); user.password = hash; next(); }); });
How to make the same hashed string as Node.js bcrypt with Golang?
The bcrypt npm package is a JavaScript implementation of the bcrypt password hashing function that allows you to easily create a hash out of a password string . Unlike encryption which you can decode to get back the original password, hashing is a one-way function that can't be reversed once done.
Check A User Entered Password const bcrypt = require("bcryptjs") const passwordEnteredByUser = "mypass123" const hash = "YOUR_HASH_STRING" bcrypt. compare(passwordEnteredByUser, hash, function(err, isMatch) { if (err) { throw err } else if (! isMatch) { console. log("Password doesn't match!") } else { console.
The bcrypt hashing function allows us to build a password security platform that scales with computation power and always hashes every password with a salt.
The problems present in traditional UNIX password hashes led naturally to a new password scheme which we call bcrypt, referring to the Blowfish encryption algorithm. Bcrypt uses a 128-bit salt and encrypts a 192-bit magic value. It takes advantage of the expensive key setup in eksblowfish.
Using the golang.org/x/crypto/bcrypt package, I believe the equivalent would be:
hashedPassword, err := bcrypt.GenerateFromPassword(password, bcrypt.DefaultCost)
Working example:
package main import ( "golang.org/x/crypto/bcrypt" "fmt" ) func main() { password := []byte("MyDarkSecret") // Hashing the password with the default cost of 10 hashedPassword, err := bcrypt.GenerateFromPassword(password, bcrypt.DefaultCost) if err != nil { panic(err) } fmt.Println(string(hashedPassword)) // Comparing the password with the hash err = bcrypt.CompareHashAndPassword(hashedPassword, password) fmt.Println(err) // nil means it is a match }
Take a look at the bcrypt package from go.crypto (docs are here).
To install it, use
go get golang.org/x/crypto/bcrypt
A blog entry describing the usage of the bcrypt package can be found here. It's from the guy who wrote the package, so it should work ;)
One difference to the node.js library you are using is that the go package doesn't have an (exported) genSalt
function, but it will generate the salt automatically when you call bcrypt.GenerateFromPassword
.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With