
Bcrypt password hashing in Golang (compatible with Node.js)?

Tags: node.js, bcrypt, go

I set up a site with Node.js+passport for user authentication.

Now I need to migrate to Golang, and need to do authentication with the user passwords saved in db.

The Node.js encryption code is:

    var bcrypt = require('bcrypt');

    bcrypt.genSalt(10, function(err, salt) {
        if(err) return next(err);

        bcrypt.hash(user.password, salt, function(err, hash) {
            if(err) return next(err);
            user.password = hash;
            next();
        });
    });

How to make the same hashed string as Node.js bcrypt with Golang?

Cid Huang asked Apr 24 '14 04:04





2 Answers

Using the golang.org/x/crypto/bcrypt package, I believe the equivalent would be:

    hashedPassword, err := bcrypt.GenerateFromPassword(password, bcrypt.DefaultCost)

Working example:

    package main

    import (
        "fmt"

        "golang.org/x/crypto/bcrypt"
    )

    func main() {
        password := []byte("MyDarkSecret")

        // Hashing the password with the default cost of 10
        hashedPassword, err := bcrypt.GenerateFromPassword(password, bcrypt.DefaultCost)
        if err != nil {
            panic(err)
        }
        fmt.Println(string(hashedPassword))

        // Comparing the password with the hash
        err = bcrypt.CompareHashAndPassword(hashedPassword, password)
        fmt.Println(err) // nil means it is a match
    }
ANisus answered Oct 02 '22 03:10



Take a look at the bcrypt package from go.crypto (docs are here).

To install it, use

    go get golang.org/x/crypto/bcrypt

A blog entry describing the usage of the bcrypt package can be found here. It's from the guy who wrote the package, so it should work ;)

One difference to the node.js library you are using is that the go package doesn't have an (exported) genSalt function, but it will generate the salt automatically when you call bcrypt.GenerateFromPassword.

rob74 answered Oct 02 '22 05:10

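An added example, not part of either answer: a bcrypt string stores its version, cost and random salt next to the digest, which is why hashes written by the Node.js module are verified in Go with `bcrypt.CompareHashAndPassword` instead of being regenerated to "the same string". The standard-library sketch below parses that layout so migrated rows can be audited; `ParseBcrypt`, `NeedsRehash`, `BcryptInfo` and the minimum-cost threshold are hypothetical names and values chosen for illustration, and the sample hash is a constructed placeholder.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strconv"
)

// BcryptInfo holds the fields a bcrypt string carries alongside the digest.
type BcryptInfo struct {
	Version string // "2a", "2b", "2y", ...
	Cost    int    // work factor: 2^Cost key-expansion rounds
	Salt    string // 22 chars in bcrypt's base64 alphabet (128-bit salt)
	Digest  string // 31 chars
}

// Layout: $<version>$<2-digit cost>$<22-char salt><31-char digest>
var bcryptRe = regexp.MustCompile(`^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$`)

// ParseBcrypt splits a stored hash into its parts without verifying any password.
func ParseBcrypt(stored string) (BcryptInfo, error) {
	m := bcryptRe.FindStringSubmatch(stored)
	if m == nil {
		return BcryptInfo{}, errors.New("not a bcrypt hash string")
	}
	cost, _ := strconv.Atoi(m[2]) // the regexp guarantees two digits
	if cost < 4 || cost > 31 {
		return BcryptInfo{}, fmt.Errorf("cost %d outside bcrypt range 4..31", cost)
	}
	return BcryptInfo{Version: m[1], Cost: cost, Salt: m[3], Digest: m[4]}, nil
}

// NeedsRehash reports whether a row should be re-hashed at the next successful login.
func NeedsRehash(info BcryptInfo, minCost int) bool { return info.Cost < minCost }

func main() {
	// Constructed placeholder with the right shape; not a real password hash.
	sample := "$2b$10$" + "abcdefghijklmnopqrstuv" + "ABCDEFGHIJKLMNOPQRSTUVWXYZ01234"
	info, err := ParseBcrypt(sample)
	fmt.Printf("%+v err=%v rehash=%v\n", info, err, NeedsRehash(info, 12))
}
```

Rows that fail to parse are not bcrypt hashes and cannot be checked with `CompareHashAndPassword`; rows flagged by `NeedsRehash` can be upgraded only when the user next logs in, since the plaintext is needed to hash again.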