+++ WARNING +++
This is just a little test. It should NOT be used for your passwords unless you know what you're doing. I (on the other hand) do NOT know what I'm doing, so please, don't trust this code.
+++ WARNING +++
From: https://blogs.dropbox.com/tech/2016/09/how-dropbox-securely-stores-your-passwords/
All I wanted to do was try and copy what Dropbox did for their passwords, in Go. Whether this is correct or not, I have no idea. It was a coding challenge only.
But ... I'd love it if you could fork this and make it better and more correct. Ping me at @andychilton.
$ go run pw.go
2016/10/03 22:48:09 Hashed = 6bd54875a5abdc46ab6b871e7271b1174239422f55416965364b76364f61687439485762616f4863545a6b31763734556d6d55715276496267744f53
$ go run pw.go
2016/10/03 23:01:04 Hashed = 439903360a1292949e1eb7e29d8b9d8d724953655a4344506d446e55754d59435556314962494f6e2f6e664932382f797a71726d71354b6f58494875
$ go run pw.go
2016/10/03 23:01:07 Hashed = 8955d598ed168fa7e6df501cc30dd80e6a53566d36425955506f4534755667525152574f46674f734d6c3262764d3358416462337743495679426869
Andrew Chilton. (Yes, I know my website is currently not serving on https. Go figure.)
I know this is Dropbox's idea but they blogged about it publicly, so I tried it. Everything I've put here is under the following license:
- WTFPL - http://www.wtfpl.net/
(Ends)
Cool, thanks @devd. I have base64 encoded the output of the sha512. I'm still grokking a few things related to what you mean by the AES stuff, seal and ars_gcm. :)
I've been thinking about the versioned scheme. I guess it could be something like a type which knows about every scheme you've ever done, and essentially loops through each to check if the password is correct. Also, the same type, if given a password always encodes for the latest version. By version, that not only includes how, but also valid keys too. I dunno ... am just thinking out loud.
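One way the versioned AES-GCM layer discussed above could look, as an added example that is not code from pw.go, from the commenters, or from Dropbox. `Keyring`, `Seal`, `Open` and the `version || nonce || ciphertext` record layout are assumptions made for illustration; instead of looping over every scheme, each record carries a version byte that selects the key, and the inner hash is treated as opaque bytes.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

type Keyring struct{ Latest byte; Keys map[byte][]byte } // hypothetical: version -> AES-256 key

func (k *Keyring) gcm(v byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(k.Keys[v]) // unknown version: nil key is rejected
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal always uses the latest key. Record: version || nonce || ciphertext+tag.
func (k *Keyring) Seal(hash []byte) ([]byte, error) {
	g, err := k.gcm(k.Latest)
	if err != nil {
		return nil, err
	}
	rec := append([]byte{k.Latest}, make([]byte, g.NonceSize())...)
	if _, err := rand.Read(rec[1:]); err != nil {
		return nil, err
	}
	return g.Seal(rec, rec[1:], hash, rec[:1]), nil // version byte is authenticated
}

// Open uses the key the record names; stale means re-seal under the latest key.
func (k *Keyring) Open(rec []byte) (hash []byte, stale bool, err error) {
	if len(rec) < 13 { // 1 version byte + 12-byte GCM nonce
		return nil, false, fmt.Errorf("record too short: %d bytes", len(rec))
	}
	g, err := k.gcm(rec[0])
	if err != nil {
		return nil, false, err
	}
	hash, err = g.Open(nil, rec[1:13], rec[13:], rec[:1])
	return hash, err == nil && rec[0] != k.Latest, err
}

func main() {
	k := &Keyring{1, map[byte][]byte{1: []byte("constructed-demo-key-0000000001!")}}
	rec, _ := k.Seal([]byte("inner hash bytes")) // constructed input
	fmt.Println(k.Open(rec))
}
```

Once a second key is added and `Latest` is set to 2, `Open` still accepts version-1 records and reports them stale, which is the moment to call `Seal` again and store the new record.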