argon2

package module

v1.0.0 Latest Latest Go to latest Published: Jul 22, 2025 License: MIT Imports: 8 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/calico32/argon2

Links

Open Source Insights

README ¶

argon2

Package argon2 implements simple password hashing and verification using golang.org/x/crypto/argon2. It supports the Argon2id variant only and provides sensible and secure defaults for password hashing.

Documentation ¶

Overview ¶

Package argon2 implements simple password hashing and verification using golang.org/x/crypto/argon2. It supports the Argon2id variant only and provides sensible and secure defaults for password hashing.

A hash can be generated by calling Hash with a password, which returns a PHC-formatted string that can be stored in a database. Later, a password can be verified against the hash using Verify.

The default parameters are m=47104, t=1, and p=1 (which are recommended by the OWASP Password Storage Cheat Sheet), using a 16-byte salt and 32-byte key. For other use cases, one can customize the parameters by using NewHash to create an Argon2 instance with the desired parameters.

Index ¶

Variables
func Hash(password []byte) []byte
func New() argon2id
func NewHash(time, memory uint32, threads uint8, saltLen, keyLen uint32) argon2id
func Parse(hash []byte) (h argon2id, salt []byte, key []byte, err error)
func Verify(hash, password []byte) bool

Examples ¶

Hash

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	ErrInvalidHash = errors.New("invalid hash format or parameters")
	ErrInvalidType = errors.New("invalid hash type (only argon2id is supported)")
)

Functions ¶

func Hash ¶

func Hash(password []byte) []byte

Hash generates a hash for the given password using the default parameters and returns a PHC-formatted string representing the hash.

Example ¶

package main

import (
	"fmt"

	"github.com/calico32/argon2"
)

func main() {
	hash := argon2.Hash([]byte("examplepassword"))
	// save hash to database or use it as needed

	// later:
	// get password from user to verify
	password := []byte("examplepassword")
	if !argon2.Verify(hash, password) {
		// verification failed
		fmt.Println("Incorrect username or password")
		return
	}

	// verification succeeded
	fmt.Println("Welcome back!")
}

func New ¶

func New() argon2id

New creates a new Argon2 instance with default parameters, suitable for hashing passwords.

The default parameters are:

time: 1
memory: 47104 (46 MiB)
parallelism: 1
salt length: 16 bytes
key length: 32 bytes

func NewHash ¶

func NewHash(time, memory uint32, threads uint8, saltLen, keyLen uint32) argon2id

NewHash creates a new Argon2 instance with the specified parameters. Consult the OWASP Password Storage Cheat Sheet when choosing parameters if unsure.

Consider using the default parameters (via New or Hash) for password hashing.

func Parse ¶

func Parse(hash []byte) (h argon2id, salt []byte, key []byte, err error)

Parse parses the PHC-formatted argon2id hash and returns its parameters, salt, and key.

func Verify ¶

func Verify(hash, password []byte) bool

Verify verifies the given password against the PHC-formatted argon2id hash. It returns true if the password matches the hash and false if the hash is invalid or the password does not match.

Types ¶

This section is empty.

Source Files ¶

View all Source files

argon2.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL