Reputation: 995
Bcrypt password hashing in Golang (compatible with Node.js)?
I set up a site with Node.js+passport for user authentication.
Now I need to migrate to Golang, and need to do authentication with the user passwords saved in db.
The Node.js encryption code is:
var bcrypt = require('bcrypt');
bcrypt.genSalt(10, function(err, salt) {
if(err) return next(err);
bcrypt.hash(user.password, salt, function(err, hash) {
if(err) return next(err);
user.password = hash;
next();
});
});
How to make the same hashed string as Node.js bcrypt with Golang?
Upvotes: 88
Views: 75235
Answers (4)
Reputation: 11
Another way
dataEncrypt, _ := bcrypt.GenerateFromPassword([]byte(yourData), bcrypt.DefaultCost)
the second parameter 'bcrypt' can take multiple values and for compare you can use
error := bcrypt.CompareHashAndPassword([]byte(yourDataEncript), []byte(dataText))
very useful for password use
Upvotes: 1
Reputation: 189
Firstly you need import the bcrypt package
go get golang.org/x/crypto/bcrypt
Then use GenerateFromPassword
bs, err := bcrypt.GenerateFromPassword([]byte(p), bcrypt.MinCost)
if err != nil {
http.Error(w, "Internal server error", http.StatusInternalServerError)
return
}
Upvotes: 2
Reputation: 5238
Take a look at the bcrypt package from go.crypto (docs are here).
To install it, use
go get golang.org/x/crypto/bcrypt
A blog entry describing the usage of the bcrypt package can be found here. It's from the guy who wrote the package, so it should work ;)
One difference to the node.js library you are using is that the go package doesn't have an (exported) genSalt function, but it will generate the salt automatically when you call bcrypt.GenerateFromPassword.
Upvotes: 9
Reputation: 77925
Using the golang.org/x/crypto/bcrypt package, I believe the equivalent would be:
hashedPassword, err := bcrypt.GenerateFromPassword(password, bcrypt.DefaultCost)
Working example:
package main
import (
"golang.org/x/crypto/bcrypt"
"fmt"
)
func main() {
password := []byte("MyDarkSecret")
// Hashing the password with the default cost of 10
hashedPassword, err := bcrypt.GenerateFromPassword(password, bcrypt.DefaultCost)
if err != nil {
panic(err)
}
fmt.Println(string(hashedPassword))
// Comparing the password with the hash
err = bcrypt.CompareHashAndPassword(hashedPassword, password)
fmt.Println(err) // nil means it is a match
}
Upvotes: 164
Related Questions
- encrypt/decrypt passwords with node.js
- What is an alternative for bcrypt to use with node?
- Go x/crypto/bcrypt: Using a custom salt when generating the password hash
- Password hashing using bcrypt in nodejs
- How to hash password with bcryptjs in node?
- Node.js password hashing bcrypt alternative using crypto
- Converting a Password Hashing Script from GO to Nodejs
- golang bcrypt returns in Bytes
- Is there any NodeJS bcrypt module that does not rely on node-gyp?
- Nodejs bcrypt library