I am working on my authorization module in GoLang. Before we used PHP5 with the crypt function. The hash was generated like SHA-512:
$6$rounds=5000$usesomesillystri$D4IrlXatmP7rx3P3InaxBeoomnAihCKRVQP22JZ6EY47Wc6BkroIuUUBOov1i.S5KPgErtP/EN5mcO.ChWQW21
And stored like that in the database. But now I need make it work also in GoLang. I have searched on Google and tried different things, such as:
t512 := sha512_crypt.Crypt("rasmuslerdorf", "$6$usesomesillystringforsalt$")
fmt.Printf("hash: %vn", t512)
But all generate different things. Who can help us further?
We want validate and create hashes like the php version.
Thanks in advance.
Advertisement
Answer
The osutil library at https://github.com/kless/osutil has support for all crypt() hash types.
Your password hash can be produced with the following php code:
echo crypt('rasmuslerdorf', '$6$usesomesillystringforsalt');
This code produces the following hash:
$6$usesomesillystri$D4IrlXatmP7rx3P3InaxBeoomnAihCKRVQP22JZ6EY47Wc6BkroIuUUBOov1i.S5KPgErtP/EN5mcO.ChWQW21
This can be reproduced in Go like this:
package main
import (
"fmt"
"github.com/kless/osutil/user/crypt/sha512_crypt"
)
func main() {
c := sha512_crypt.New()
hash, err := c.Generate([]byte("rasmuslerdorf"), []byte("$6$usesomesillystringforsalt"))
if err != nil {
panic(err)
}
fmt.Println(hash)
}
When run, it also produces the correct hash:
$6$usesomesillystri$D4IrlXatmP7rx3P3InaxBeoomnAihCKRVQP22JZ6EY47Wc6BkroIuUUBOov1i.S5KPgErtP/EN5mcO.ChWQW21
I hope this answers your question.
While implementing this please note that only 16 characters are used from the salt, so the same hash is returned for the salt usesomesillystri. Make sure that you choose random salts in the production code.