Skip to content

Instantly share code, notes, and snippets.

@mununki
Last active July 21, 2024 19:28
Show Gist options
  • Save mununki/f4860b8e9b2e3d913408434f1bfb2fd7 to your computer and use it in GitHub Desktop.
Save mununki/f4860b8e9b2e3d913408434f1bfb2fd7 to your computer and use it in GitHub Desktop.
[Go] Implementation Django default password hashing PBKDF2_SHA256 with Go
import (
"crypto/rand"
"crypto/sha256"
"crypto/subtle"
"encoding/base64"
"strconv"
"strings"
"time"
"golang.org/x/crypto/pbkdf2"
)
// HashPassword : hashing the password using PBKDF2_SHA256
func (user *User) HashPassword() error {
randByte := make([]byte, 8)
_, err := rand.Read(randByte)
if err != nil {
return err
}
base64RandByte := base64.StdEncoding.EncodeToString(randByte)
salt := []byte(base64RandByte)
iter := 100000
dk := pbkdf2.Key([]byte(user.Password), salt, iter, 32, sha256.New)
hashedPW := "pbkdf2_sha256$100000$" + string(salt) + "$" + base64.StdEncoding.EncodeToString(dk)
user.Password = hashedPW
return nil
}
// ComparePassword : compare the password
func (user *User) ComparePassword(password string) bool {
splitted := strings.Split(user.Password, "$")
salt := []byte(splitted[2])
// saved password iteration value should be converted to int
iter, _ := strconv.Atoi(splitted[1])
dk := pbkdf2.Key([]byte(password), salt, iter, 32, sha256.New)
hashedPW := "pbkdf2_sha256$100000$" + splitted[2] + "$" + base64.StdEncoding.EncodeToString(dk)
if subtle.ConstantTimeCompare([]byte(user.Password), []byte(hashedPW)) == 0 {
return false
}
return true
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment