I am working on my authorization module in GoLang. Before we used PHP5 with the crypt function. The hash was generated like SHA-512:
$6$rounds=5000$usesomesillystri$D4IrlXatmP7rx3P3InaxBeoomnAihCKRVQP22JZ6EY47Wc6BkroIuUUBOov1i.S5KPgErtP/EN5mcO.ChWQW21
And stored like that in the database. But now I need make it work also in GoLang. I have searched on Google and tried different things, such as:
t512 := sha512_crypt.Crypt("rasmuslerdorf", "$6$usesomesillystringforsalt$") fmt.Printf("hash: %vn", t512)
But all generate different things. Who can help us further?
We want validate and create hashes like the php version.
Thanks in advance.
Advertisement
Answer
The osutil
library at https://github.com/kless/osutil has support for all crypt()
hash types.
Your password hash can be produced with the following php code:
echo crypt('rasmuslerdorf', '$6$usesomesillystringforsalt');
This code produces the following hash:
$6$usesomesillystri$D4IrlXatmP7rx3P3InaxBeoomnAihCKRVQP22JZ6EY47Wc6BkroIuUUBOov1i.S5KPgErtP/EN5mcO.ChWQW21
This can be reproduced in Go like this:
package main import ( "fmt" "github.com/kless/osutil/user/crypt/sha512_crypt" ) func main() { c := sha512_crypt.New() hash, err := c.Generate([]byte("rasmuslerdorf"), []byte("$6$usesomesillystringforsalt")) if err != nil { panic(err) } fmt.Println(hash) }
When run, it also produces the correct hash:
$6$usesomesillystri$D4IrlXatmP7rx3P3InaxBeoomnAihCKRVQP22JZ6EY47Wc6BkroIuUUBOov1i.S5KPgErtP/EN5mcO.ChWQW21
I hope this answers your question.
While implementing this please note that only 16 characters are used from the salt, so the same hash is returned for the salt usesomesillystri
. Make sure that you choose random salts in the production code.