Skip to content
Advertisement

Generating crypt() sha512 hashes in Go

I am working on my authorization module in GoLang. Before we used PHP5 with the crypt function. The hash was generated like SHA-512:

$6$rounds=5000$usesomesillystri$D4IrlXatmP7rx3P3InaxBeoomnAihCKRVQP22JZ6EY47Wc6BkroIuUUBOov1i.S5KPgErtP/EN5mcO.ChWQW21

And stored like that in the database. But now I need make it work also in GoLang. I have searched on Google and tried different things, such as:

t512 := sha512_crypt.Crypt("rasmuslerdorf", "$6$usesomesillystringforsalt$")
fmt.Printf("hash: %vn", t512)

But all generate different things. Who can help us further?

We want validate and create hashes like the php version.

Thanks in advance.

Advertisement

Answer

The osutil library at https://github.com/kless/osutil has support for all crypt() hash types.

Your password hash can be produced with the following php code:

echo crypt('rasmuslerdorf', '$6$usesomesillystringforsalt');

This code produces the following hash:

$6$usesomesillystri$D4IrlXatmP7rx3P3InaxBeoomnAihCKRVQP22JZ6EY47Wc6BkroIuUUBOov1i.S5KPgErtP/EN5mcO.ChWQW21

This can be reproduced in Go like this:

package main                                                

import (
    "fmt"

    "github.com/kless/osutil/user/crypt/sha512_crypt"
)

func main() {
    c := sha512_crypt.New()
    hash, err := c.Generate([]byte("rasmuslerdorf"), []byte("$6$usesomesillystringforsalt"))
    if err != nil {
        panic(err)
    }

    fmt.Println(hash)
}

When run, it also produces the correct hash:

$6$usesomesillystri$D4IrlXatmP7rx3P3InaxBeoomnAihCKRVQP22JZ6EY47Wc6BkroIuUUBOov1i.S5KPgErtP/EN5mcO.ChWQW21

I hope this answers your question.

While implementing this please note that only 16 characters are used from the salt, so the same hash is returned for the salt usesomesillystri. Make sure that you choose random salts in the production code.

User contributions licensed under: CC BY-SA
7 People found this is helpful
Advertisement