Hello,

If you want to store passwords, then bcrypt <https://godoc.org/golang.org/x/crypto/bcrypt>, scrypt <https://godoc.org/golang.org/x/crypto/scrypt>, and argon2 <https://godoc.org/golang.org/x/crypto/argon2> are commonly used. They are available in Go's extended library.

SHA is a hashing algorithm but by itself is not meant for password storage. Unlike bcrypt, scrypt and argon2, SHA is designed to be fast. It is meant to be used in conjunction with other cryptographic primitives.

All those mentioned above are one-way hashing algorithms. If you use any of them to 'protect' email addresses, you will not be able to recover those addresses. You need encryption and not hashing to protect those email addresses.

If you are not familiar with cryptographic primitives, you are better off using higher-level cryptographic libraries such as NaCl <https://godoc.org/golang.org/x/crypto/nacl>. There are many things that may go wrong when building your own cryptographic solution.

On Monday, April 22, 2019 at 5:14:48 PM UTC+7, whiteh...@googlemail.com wrote:
>
> I'm porting some code over to Go, and currently looking at some password
> hashing. I'm wondering if there is a 'standard library' alternative to
> using bcrypt?
>
> I am concerned about the Go binary size, since I'm already at 15MB! So
> I'm trying to limit external dependencies as much as possible.
>
> The data being stored is not critical or sensitive, just some email
> address mainly.
>
> From my research it sounds like 'golang.org/pkg/crypto/sha512/' might be
> what I need, but I don't see any clear alternative for the following
> functions below:
>
> I'm still new to Go, so I'm wondering what would be the recommended
> solution using the standard library please?
>
> Peter
>
>
> bcrypt.GenerateFromPassword
>
> bcrypt.CompareHashAndPassword
>
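
The reply's point that email addresses need reversible encryption rather than a one-way hash, shown as an added example that is not code from the thread. To stay within the original poster's standard-library constraint it uses AES-GCM from `crypto/aes` and `crypto/cipher` instead of the NaCl package the reply suggests; `newGCM`, `sealEmail` and `openEmail` are hypothetical helper names, and the key and address are constructed sample values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealEmail encrypts with AES-GCM; the random nonce is stored before the ciphertext.
func sealEmail(key []byte, email string) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, []byte(email), nil), nil
}

// openEmail recovers the address; it fails on a wrong key or modified bytes.
func openEmail(key, sealed []byte) (string, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	n := gcm.NonceSize()
	if len(sealed) < n {
		return "", fmt.Errorf("sealed value too short")
	}
	plain, err := gcm.Open(nil, sealed[:n], sealed[n:], nil)
	return string(plain), err
}

func main() {
	key := make([]byte, 32) // constructed demo key; a real key is loaded, not generated per run
	rand.Read(key)
	sealed, _ := sealEmail(key, "peter@example.com") // constructed sample address
	fmt.Println(openEmail(key, sealed))
}
```

Because each call draws a fresh nonce, the same address encrypts to different bytes every time, so the stored value cannot be used for equality lookups the way a digest can.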