New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
x/crypto: add crypt(3) password hash algorithms #14274
Comments
Seems reasonable to me, but CC @agl. |
Ping @agl , does this sound like something you'd accept if I send patches? |
Ping. |
With suitable documentation as you mentioned, this sounds reasonable. Feel free to send a CL. If if it turns out @agl later objects passionately, you can put it under go4.org if you want to give it a non-github import path. |
@danderson Any progress on this? I'm currently using a libpam wrapper but would much prefer a native implementation. |
Note that in the meantime, https://github.com/GehirnInc/crypt has appeared. |
There’s another copy of what seems to be largely the same code at https://github.com/tredoe/osutil/tree/master/user/crypt and https://github.com/ncw/pwhash. I’d say it makes sense to provide a canonical implementation in x/crypto :) |
I would like to see this added as well. I'm working on a libnss passwd/group/shadow module that stores users in etcd. Being able to build the hash withouth using a non-standard library or manually writing my own tool kit would be stellar. |
I can give this a stab. I've got some related FRs (e.g. abbot/go-http-auth#75, abbot/go-http-auth#48) and want to move the crypto-related code out of that package. And since there is already some requests to support other crypt(3) algorithms here, I'm happy to add this support. |
I'm writing code that has to generate crypt(3) compatible password hashes, for installation in /etc/shadow. A Google search for a library currently offers two abandoned github repositories, at least one of which is unsafe (ignores returned errors in the crypto logic), and a stack overflow answer that uses cgo to wrap libcrypt.
I'd like to propose adding solid Go implementations of the more common crypt(3) algorithms to x/crypto. Specifically, I'd like to have support for the${1,5,6}$ algorithms (resp. MD5, SHA256, SHA512), as well as the older DES-based algorithm for universality. The package documentation should include a recommendation against using the crypt(3) algorithms unless compatibility with crypt(3)-using code is necessary, since there exist much better KDFs already in x/crypto if you're working with a clean slate.
If this sounds reasonable, I'm volunteering to provide the implementation.
The text was updated successfully, but these errors were encountered: