Bcrypt password hashing in Golang (compatible with Node.js)?
I set up a site with Node.js+passport for user authentication.
Now I need to migrate to Golang, and need to do authentication with the user passwords saved in db.
The Node.js encryption code is:
var bcrypt = require('bcrypt');
bcrypt.genSalt(10, function(err, salt) {
if(err) return next(err);
bcrypt.hash(user.password, salt, function(err, hash) {
if(err) return next(err);
user.password = hash;
next();
});
});
How to make the same hashed string as Node.js bcrypt with Golang?
Solution 1:
Using the golang.org/x/crypto/bcrypt package, I believe the equivalent would be:
hashedPassword, err := bcrypt.GenerateFromPassword(password, bcrypt.DefaultCost)
Working example:
package main
import (
"golang.org/x/crypto/bcrypt"
"fmt"
)
func main() {
password := []byte("MyDarkSecret")
// Hashing the password with the default cost of 10
hashedPassword, err := bcrypt.GenerateFromPassword(password, bcrypt.DefaultCost)
if err != nil {
panic(err)
}
fmt.Println(string(hashedPassword))
// Comparing the password with the hash
err = bcrypt.CompareHashAndPassword(hashedPassword, password)
fmt.Println(err) // nil means it is a match
}
Solution 2:
Take a look at the bcrypt package from go.crypto (docs are here).
To install it, use
go get golang.org/x/crypto/bcrypt
A blog entry describing the usage of the bcrypt package can be found here. It's from the guy who wrote the package, so it should work ;)
One difference to the node.js library you are using is that the go package doesn't have an (exported) genSalt function, but it will generate the salt automatically when you call bcrypt.GenerateFromPassword.
Solution 3:
Firstly you need import the bcrypt package
go get golang.org/x/crypto/bcrypt
Then use GenerateFromPassword
bs, err := bcrypt.GenerateFromPassword([]byte(p), bcrypt.MinCost)
if err != nil {
http.Error(w, "Internal server error", http.StatusInternalServerError)
return
}